Ctrip Points Assistant

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: ctrip-points
Version: 1.0.0

The skill is a local management tool for Ctrip points and product data. The Python script (ctrip.py) performs basic file I/O on local JSON files and lacks any networking capabilities, sensitive data exfiltration logic, or suspicious execution patterns. While the documentation (SKILL.md) mentions cookies and automated notifications, the actual implementation is manual and contains no malicious instructions or high-risk behaviors.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If you manually place a Ctrip session cookie in `~/.openclaw/data/ctrip-cookie.txt`, it could represent access to your Ctrip account if exposed locally.

Why it was flagged

The documentation describes optional storage of a Ctrip cookie even though the registry declares no primary credential. Cookies can grant account access, but the included code does not read, transmit, or use this cookie.

Skill content

Cookie: `~/.openclaw/data/ctrip-cookie.txt` ... Automatic updates require a Cookie (optional)

Recommendation

Only add a cookie if you understand why it is needed, keep the file private, and revoke or refresh the session if you no longer use the skill.

Note (High Confidence)

ASI10: Rogue Agents

What this means

If a cron job were separately configured, the skill could run later without direct interaction and send notifications.

Why it was flagged

This describes persistent scheduled monitoring and outbound notifications. It is disclosed and related to the skill purpose, but no install spec or included code actually creates or manages this cron job.

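Skill content

A cron job has been set up to automatically check the points mall for new products every day at 9:00 a.m.; any new products found are pushed via Feishu.

Recommendation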

Check `openclaw cron list` or your system cron before relying on the automation, and remove or disable any scheduled task you do not want.