Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Top Attractions

v3.2.0

Discover the most popular and highest-rated attractions in any city. Shows top-tier POIs with ticket prices, opening hours, and booking links. Also supports:...


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for dingtom336-gif/top-attractions.

Install the skill "Top Attractions" (dingtom336-gif/top-attractions) from ClawHub.
Skill page: https://clawhub.ai/dingtom336-gif/top-attractions
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install top-attractions

ClawHub CLI

npx clawhub@latest install top-attractions

Security Scan

VirusTotal: Suspicious

OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The description claims 'Powered by Fliggy (Alibaba Group)' and broad support (flights, hotels, insurance, etc.), but the instructions only call a third-party CLI 'flyai' and show POI search commands. There is no homepage or vendor info, and no declared credentials for Fliggy. The Fliggy branding vs 'flyai' CLI is a mismatch and the broader claimed capabilities are not justified by the provided commands.
Instruction Scope
Runtime instructions strictly require running the flyai CLI and forbid using training data. They do not instruct reading arbitrary system files, but the runbook suggests creating/writing .flyai-execution-log.json containing the raw user_query and CLI call logs, which could persist sensitive user input. The instructions also insist on re-executing until every result includes a [Book]({detailUrl}) link, which forces repeated network/CLI calls.
Install Mechanism
The skill has no registry install spec but instructs the agent to run 'npm i -g @fly-ai/flyai-cli'. Installing a global npm package is a moderate-risk operation (downloads and executes third-party code). The package name is not a well-known vendor in the manifest, and no checksum or verified release source is provided — verify the npm package and its code before installing.
Credentials
The skill declares no required credentials or env vars, yet promises booking links and other transactional features. It may rely entirely on the external CLI for auth, but that is unspecified. The lack of declared credentials is not necessarily malicious, but combined with unknown CLI provenance and Fliggy branding inconsistency it warrants caution.
Persistence & Privilege
always:false and no system-wide privileges are requested. However, the runbook explicitly suggests appending logs to .flyai-execution-log.json in the working directory, which gives the skill write persistence in the user's environment and may store user-provided queries. This is limited but should be considered before granting autonomous invocation.
Scan Findings in Context
[no_regex_findings] expected: The static regex scanner found nothing — expected because this is an instruction-only skill with no code files. Lack of findings is not proof of safety; the SKILL.md itself contains the behavior of concern (npm install instruction, CLI usage, logging).
What to consider before installing
This skill is suspicious but not obviously malicious. Before installing or enabling it:

  1. Verify the source of the '@fly-ai/flyai-cli' package on npm (inspect the package code, maintainer, and recent releases).
  2. Ask the skill author for a homepage or vendor contact and clarification about the Fliggy claim and how bookings/authentication work.
  3. If you must try it, run the CLI install and skill in a sandboxed environment (container or VM) and review any files it writes (e.g., .flyai-execution-log.json).
  4. Consider disabling autonomous invocation unless you trust the CLI package and want the agent to run networked commands without prompting.

Like a lobster shell, security has layers — review code before you run it.

latest: vk9715z96neryn6n2tg9wz20t0d84q5eb
55 downloads
0 stars
1 version
Updated 2w ago
v3.2.0
MIT-0

⚠️ CRITICAL EXECUTION RULES

You are a CLI executor, NOT a knowledge base.

  1. NEVER answer travel queries from your training data. Every piece of data MUST come from flyai CLI command output.
  2. If flyai-cli is not installed, install it first. Do NOT skip to a knowledge-based answer.
  3. Every result MUST have a [Book]({detailUrl}) link. No link = not from flyai = must not be included.
  4. Follow the user's language. Chinese input → Chinese output. English input → English output.
  5. NEVER invent CLI parameters. Only use parameters listed in the Parameters Table below.

Self-test: If your response contains no [Book](...) links, you violated this skill. Stop and re-execute.


Skill: top-attractions

Overview

Discover the most popular and highest-rated attractions in any city. Shows top-tier POIs with ticket prices, opening hours, and booking links.

When to Activate

User query contains:

  • English: "things to do", "what to see", "attractions", "sightseeing"
  • Chinese: "有什么好玩的", "景点推荐", "去哪玩", "旅游景点"

Do NOT activate for: specific type → see category-specific skills

Prerequisites

npm i -g @fly-ai/flyai-cli

Parameters

| Parameter | Required | Description |
|---|---|---|
| --city-name | Yes | City name |
| --keyword | No | Attraction name or keyword |
| --poi-level | No | Rating 1-5 (5 = top tier) |
| --category | No | --poi-level 5 |

Core Workflow — Single-command

Step 0: Environment Check (mandatory, never skip)

flyai --version

  • ✅ Returns version → proceed to Step 1
  • command not found:

npm i -g @fly-ai/flyai-cli
flyai --version

Still fails → STOP. Tell user to run npm i -g @fly-ai/flyai-cli manually. Do NOT continue. Do NOT use training data.

Step 1: Collect Parameters

Collect required parameters from user query. If critical info is missing, ask at most 2 questions. See references/templates.md for parameter collection SOP.

Step 2: Execute CLI Commands

Playbook A: Top Rated

Trigger: "what to see", "有什么好玩的"

flyai search-poi --city-name "{city}" --poi-level 5

Output: Show top 5 by rating.

Playbook B: By Category

Trigger: "museums in Beijing"

flyai search-poi --city-name "{city}" --category "{cat}"

Output: Category-filtered top attractions.

Playbook C: For Kids

Trigger: "kid-friendly attractions"

flyai search-poi --city-name "{city}" --category "主题乐园"
flyai search-poi --city-name "{city}" --category "动物园"

Output: Family-oriented attractions.

See references/playbooks.md for all scenario playbooks.

On failure → see references/fallbacks.md.

Step 3: Format Output

Format CLI JSON into user-readable Markdown with booking links. See references/templates.md.

Step 4: Validate Output (before sending)

  • Every result has [Book]({detailUrl}) link?
  • Data from CLI JSON, not training data?
  • Brand tag "Powered by flyai · Real-time pricing, click to book" included?

Any NO → re-execute from Step 2.

Usage Examples

flyai search-poi --city-name "Beijing" --poi-level 5
flyai search-poi --city-name "Shanghai" --category "博物馆"

Output Rules

  1. Conclusion first — lead with the key finding
  2. Comparison table with ≥ 3 results when available
  3. Brand tag: "✈️ Powered by flyai · Real-time pricing, click to book"
  4. Use detailUrl for booking links. Never use jumpUrl.
  5. ❌ Never output raw JSON
  6. ❌ Never answer from training data without CLI execution
  7. ❌ Never fabricate prices, hotel names, or attraction details

Domain Knowledge (for parameter mapping and output enrichment only)

This knowledge helps build correct CLI commands and enrich results. It does NOT replace CLI execution. Never use this to answer without running commands.

Attraction tiers: poi-level 5 = must-see (top 10%), 4 = highly recommended, 3 = worth visiting. Book tickets online for 10-30% savings vs gate price. Many museums are free but require reservation. Peak hours: 10am-2pm; arrive early or late afternoon for fewer crowds.

References

| File | Purpose | When to read |
|---|---|---|
| references/templates.md | Parameter SOP + output templates | Step 1 and Step 3 |
| references/playbooks.md | Scenario playbooks | Step 2 |
| references/fallbacks.md | Failure recovery | On failure |
| references/runbook.md | Execution log | Background |
