v3.1.1

曲线救国低价机票模糊搜索 (Roundabout Cheap-Flight Fuzzy Search)

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 8:20 AM.

Analysis

This flight-search skill appears purpose-aligned, but it deserves review because it saves travel-site login cookies, runs a debuggable Chrome session, and includes account/login automation that can affect local processes and third-party accounts.

Guidance: Install only if you are comfortable letting the skill automate Chrome and store travel-site login cookies locally. Use a throwaway account, avoid running the login/slider tests, verify the source and dependencies, and delete the saved profile/cookie directories when finished.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
Severity: Low | Confidence: High | Status: Note
SKILL.md
Using tavily, web_search, or other internet search tools to search for flights is forbidden ... All flight query requests must be executed through this skill's CLI commands.

The skill explicitly forces tool choice for flight searches. This is related to its purpose, but users should know it tells the agent not to use alternative sources.

User impact: The agent may avoid other flight-search or verification methods even if the user would prefer them.
Recommendation: Treat this as a preference only when it matches the user's request; allow the user to ask for alternative sources or cross-checking.
Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
src/qvxianjiuguo/chrome_launcher.py
if is_port_open(port):
    pids = _find_pids_by_port(port)
    if pids:
        for pid in pids:
            _kill_pid(pid)

The Chrome manager can terminate any PID found on the configured debugging port, without artifact evidence that it verifies the process belongs to this skill's Chrome profile.

User impact: A local process using the same port could be killed, causing data loss or disrupting unrelated work.
Recommendation: Only allow process termination after explicit user confirmation, and prefer verifying the executable/profile before killing a process.
Tool Misuse and Exploitation
Severity: Medium | Confidence: Medium | Status: Concern
tests/test_slider_auto.py
test_phone = '13012344249' ... 点击获取验证码 ... print('\n[6] 执行自动滑块验证...') ... page.mouse_drag(start_x, start_y, end_x, end_y, steps=30)

The included test code automates a verification-code flow and slider challenge using a hard-coded phone number, which goes beyond ordinary flight-price lookup and can interact with anti-abuse controls.

User impact: Running the included tests could send verification traffic to a phone number and increase the risk of account restrictions or platform terms-of-service issues.
Recommendation: Do not run the login/slider tests on a real account unless you understand the impact; remove hard-coded phone data and keep verification challenges manual.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
metadata
Source: unknown; Homepage: none; Install specifications: No install spec — this is an instruction-only skill.

The registry metadata provides limited provenance and no formal install spec even though the package includes Python code and dependency setup files.

User impact: Users have less registry-level assurance about where the runnable code and dependencies came from.
Recommendation: Review the bundled source and dependency list before running `uv sync` or any CLI commands.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
SKILL.md
Cookie file: `~/.qvxian/qunar_cookies.json` (saved login credentials) ... Content read: browser page HTML, Cookies, localStorage

The skill saves and reuses authenticated travel-site session material. These cookies are effectively account credentials and persist locally.

User impact: Anyone or any process that can read the saved cookie file may be able to access the linked travel-site account session.
Recommendation: Use only a throwaway account, confirm where cookies are stored, delete `~/.qvxian/` and `~/.qvxianjiuguo/` when done, and avoid installing if you are not comfortable granting account-session access.