ClawHub

TripGenie

v1.0.2

Use for any travel question — hotels, flights, trains, attractions, destinations, and travel tips worldwide.

0· 140·0 current·0 all-time
by@trips-ai

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for trips-ai/trip-tripgenie-skill.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "TripGenie" (trips-ai/trip-tripgenie-skill) from ClawHub.
Skill page: https://clawhub.ai/trips-ai/trip-tripgenie-skill
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: TRIPGENIE_API_KEY
Required binaries: curl, jq
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install trip-tripgenie-skill

ClawHub CLI

Package manager switcher

npx clawhub@latest install trip-tripgenie-skill
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (travel queries) matches required pieces: an API key (TRIPGENIE_API_KEY) and the ability to call HTTP endpoints via curl/jq. There are no unrelated credentials, binaries, or config paths requested.
Instruction Scope
SKILL.md stays within scope: it defines inputs, shows curl + jq calls to TripGenie endpoints, and instructs processing responses before presenting them. One notable risk: it permits an interactive fallback where the user can paste the API key into chat for a single call — this is explicitly warned against in the doc, but still increases chance of accidental exposure or retention in chat history. The instructions do not reference any unrelated files, system paths, or other environment variables.
Install Mechanism
Instruction-only skill with no install spec or code files; requires only binaries expected for HTTP requests and JSON handling (curl, jq). No downloads or archived installs are performed.
Credentials
Only one required env var (TRIPGENIE_API_KEY) is requested and is appropriate for a third-party API integration. No extra or unrelated secrets, config paths, or broad permissions are requested.
Persistence & Privilege
Skill does not request always:true and has no install-time persistence. The default allowing autonomous invocation is enabled (platform default) — this is normal, but you should review agent/platform settings if you want to restrict automatic calls to an external service to control cost, rate limits, and data exposure.
Assessment
This skill appears to do what it says: call TripGenie APIs for travel queries. Before installing: (1) Prefer setting TRIPGENIE_API_KEY as an environment variable rather than pasting it into chat — the SKILL.md allows an in-chat fallback which increases risk of accidental exposure or retention in logs; (2) Confirm you trust https://tripgenie-openclaw-prod.trip.com / Trip.com as a data processor for your queries and check the API key's scope, billing, and rate limits; (3) If you want to limit potential cost or data leakage, disable or restrict autonomous skill invocation in your agent/platform settings so calls are always user-approved; (4) Do not share screenshots or logs that include the key. If you need higher assurance, ask the skill author to remove the in-chat fallback and rely strictly on environment-provided credentials.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

✈️ Clawdis
Binscurl, jq
EnvTRIPGENIE_API_KEY
latestvk9773qz75anq0v3b6amsnfep1d849rmf
140downloads
0stars
3versions
Updated 3w ago
v1.0.2
MIT-0
@trips-ai
latest
Download

TripGenie Actions

Overview

Use tripgenie for travel-related queries. The agent calls TripGenie HTTP APIs with a token in the JSON body; how to obtain it is defined only in Setup.

Security & privacy (read first)

  1. API keys — API keys are sensitive credentials. They must be handled via environment variables (TRIPGENIE_API_KEY) set by the user. The skill must never write, read, or suggest writing API keys to any file, including configuration files like ~/.openclaw/.env. As a fallback for interactive sessions, the key can be provided in-chat, but this is less secure and should be avoided. Do not log or echo tokens.
  2. Trust the endpoint — Confirm you intend to use https://tripgenie-openclaw-prod.trip.com and that TripGenie / Trip.com is an acceptable data processor for your use case before enabling this skill.
  3. External responses — API output is third-party content. It may include links, promotional text, or structured data. Do not assume it is safe to relay verbatim in every context; summarize or filter when policy, safety, or privacy requires it. Avoid echoing raw responses into places that retain full history if they are unnecessary.
  4. Operational — Review the key’s scope, billing, and rate limits with Trip.com. If you limit autonomous skill invocation, configure that in your agent/platform settings so travel queries are not sent to TripGenie more often than you want.

Inputs to collect

  • query: User's travel query text (required for all requests).
  • locale: Language/region code (e.g., en-US, zh-CN). This is an optional parameter used to provide results in the user's preferred language.
  • For flight searches: departure, arrival, date, flight_type.

Setup

  1. Obtain API key — From www.trip.com/tripgenie/openclaw (or your Trip.com-provided channel), per provider terms. Do not share full keys in screenshots or public channels.
  2. Provide the token
    • Environment variable (recommended): The user should set the TRIPGENIE_API_KEY environment variable. This is the most secure method. The skill will automatically use this variable.
    • In conversation (fallback): If the environment variable is not set, the user can provide the API key in the chat. This key is used for a single call and is not stored. The environment variable always takes priority.
  3. Smoke test — After configuration, run a minimal query; do not log bodies that expose the token.

Endpoints

Before running any command, resolve the token (in priority order):

  1. If TRIPGENIE_API_KEY is set in the environment, use it as token.
  2. Otherwise, use the key the user provided in this conversation as token (single-use only, no persistence).

General Query (/openclaw/query)

ParameterRequiredDescription
tokenYesAPI token (see Setup and token resolution above)
queryYesUser's query text
localeNoLanguage/region code
# The 'locale' argument is optional and can be omitted if not provided by the user.
jq -n --arg token "$TOKEN" --arg query "$USER_QUERY" '{token: $token, query: $query}' | curl -s -X POST https://tripgenie-openclaw-prod.trip.com/openclaw/query -H "Content-Type: application/json" -d @-

Flight Search (/openclaw/airline)

ParameterRequiredFormatDescription
tokenYesAPI token (see token resolution above)
queryYesUser's query text
departureYesCity code3-letter city code (e.g., SHA, BJS)
arrivalYesCity code3-letter city code (e.g., HKG, TYO)
dateYesYYYY-MM-DDDeparture date
flight_typeYes0 or 11 = domestic China, 0 = international
localeNoLanguage/region code

Domestic flight example:

jq -n --arg token "$TOKEN" --arg query "$USER_QUERY" --arg departure "BJS" --arg arrival "SHA" --arg date "2026-03-15" --arg flight_type "1" '{token: $token, query: $query, departure: $departure, arrival: $arrival, date: $date, flight_type: $flight_type}' | curl -s -X POST https://tripgenie-openclaw-prod.trip.com/openclaw/airline -H "Content-Type: application/json" -d @-

International flight example:

jq -n --arg token "$TOKEN" --arg query "$USER_QUERY" --arg departure "FRA" --arg arrival "HKG" --arg date "2026-03-17" --arg flight_type "0" '{token: $token, query: $query, departure: $departure, arrival: $arrival, date: $date, flight_type: $flight_type}' | curl -s -X POST https://tripgenie-openclaw-prod.trip.com/openclaw/airline -H "Content-Type: application/json" -d @-

Presenting results to the user

Always process the API response before presenting it. Do not return the raw response directly to the user. Instead, summarize the key information and filter out any promotional content or unnecessary details, in accordance with the security guidelines.

Comments

Loading comments...