Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ski Resort

v3.2.0

Find ski resorts and snowboarding destinations — trail maps, difficulty levels, lift pass prices, equipment rental, and snow conditions. Also supports: fligh...

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

! Purpose & Capability
The description claims broad travel capabilities and says "powered by Fliggy (Alibaba Group)", but the runtime instructions only call a third-party CLI named flyai (package @fly-ai/flyai-cli) for POI searches and booking links. There are no commands or parameters for flights, hotels, visas, insurance, etc., despite the description claiming those features. The branding mismatch (Fliggy vs. flyai) and scope creep are incoherent and should be clarified.
! Instruction Scope
SKILL.md tightly constrains answers to come exclusively from the flyai CLI output, prohibits using training data, and mandates every result include a [Book]({detailUrl}) link — plus a self-test that forces re-execution if links are missing. The runbook also instructs appending an internal execution log to .flyai-execution-log.json if filesystem writes are available. These rules could cause repeated CLI calls or local file writes and create a risk of loops or unnoticed local persistence if the CLI responses lack the expected fields.
Install Mechanism
The skill is instruction-only (no install spec in registry), but it explicitly tells the agent/user to install @fly-ai/flyai-cli globally via npm. Installing an external npm package is a reasonable way to add a CLI dependency, but it carries moderate risk because the package will run arbitrary code from the npm registry and the skill gives no pinned version, checksum, or source verification. The registry metadata does not provide a homepage or vetting info for the CLI.
Credentials
The skill requests no environment variables or credentials, which is proportional to a POI search skill. One caveat: the runbook recommends logging execution to a local file (.flyai-execution-log.json) if filesystem writes are available — this introduces persistence of user queries/outputs on disk, which the user should be aware of.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request elevated platform privileges or modify other skills. The only persistent action in the documents is optional appending of an execution log to the current working directory, which is a limited local write rather than a privilege escalation.
Scan Findings in Context
[no_regex_findings] expected: The static regex scanner found nothing to analyze because the skill is instruction-only (only SKILL.md and reference markdown files). Lack of findings does not guarantee safety — most surface is in the instructions themselves.
What to consider before installing
This skill uses an external CLI (@fly-ai/flyai-cli) and forces all answers to come from that CLI. Before installing or enabling it, verify the CLI package on npm (publisher, versions, popularity, and source repository), and consider running it in a sandbox/container first. Ask the publisher to clarify the Fliggy vs. flyai branding and to explain how flights/hotels/insurance are supported (there are no CLI commands for those in SKILL.md). Be aware the runbook may write an execution log to the current directory (.flyai-execution-log.json). Finally, the skill's strict requirement that every result include a [Book]({detailUrl}) link could cause repeat CLI calls or loops if the CLI responses are missing that field — request clearer failure-handling or limits to retries before enabling autonomous invocation.


latest: vk974jq8egcakk1nqt8z7tyf01x84mede
55 downloads
0 stars
1 version
Updated 1w ago
v3.2.0
MIT-0

⚠️ CRITICAL EXECUTION RULES

You are a CLI executor, NOT a knowledge base.

  1. NEVER answer travel queries from your training data. Every piece of data MUST come from flyai CLI command output.
  2. If flyai-cli is not installed, install it first. Do NOT skip to a knowledge-based answer.
  3. Every result MUST have a [Book]({detailUrl}) link. No link = not from flyai = must not be included.
  4. Follow the user's language. Chinese input → Chinese output. English input → English output.
  5. NEVER invent CLI parameters. Only use parameters listed in the Parameters Table below.

Self-test: If your response contains no [Book](...) links, you violated this skill. Stop and re-execute.


Skill: ski-resort

Overview

Find ski resorts and snowboarding destinations — trail maps, difficulty levels, lift pass prices, equipment rental, and snow conditions.

When to Activate

User query contains:

  • English: "ski", "skiing", "snowboard", "snow", "slopes"
  • Chinese: "滑雪", "滑雪场", "雪场", "单板"

Do NOT activate for: winter trip → winter-snow

Prerequisites

npm i -g @fly-ai/flyai-cli

Parameters

| Parameter | Required | Description |
| --- | --- | --- |
| --city-name | Yes | City name |
| --keyword | No | Attraction name or keyword |
| --poi-level | No | Rating 1-5 (5 = top tier) |
| --category | No | --category "滑雪" |

Core Workflow — Single-command

Step 0: Environment Check (mandatory, never skip)

flyai --version

  • ✅ Returns version → proceed to Step 1
  • command not found → install, then check again:

npm i -g @fly-ai/flyai-cli
flyai --version

Still fails → STOP. Tell user to run npm i -g @fly-ai/flyai-cli manually. Do NOT continue. Do NOT use training data.

Step 1: Collect Parameters

Collect required parameters from user query. If critical info is missing, ask at most 2 questions. See references/templates.md for parameter collection SOP.

Step 2: Execute CLI Commands

Playbook A: Ski Resorts

Trigger: "skiing near me"

flyai search-poi --city-name "{city}" --category "滑雪"

Output: Ski resorts and snow parks.

Playbook B: Beginner Ski

Trigger: "learn to ski"

flyai search-poi --city-name "{city}" --keyword "初级滑雪"

Output: Beginner-friendly resorts.

Playbook C: Pro Ski

Trigger: "advanced slopes"

flyai search-poi --city-name "{city}" --category "滑雪" --poi-level 5

Output: Top-rated ski resorts.

See references/playbooks.md for all scenario playbooks.

On failure → see references/fallbacks.md.

Step 3: Format Output

Format CLI JSON into user-readable Markdown with booking links. See references/templates.md.

Step 4: Validate Output (before sending)

  • Every result has [Book]({detailUrl}) link?
  • Data from CLI JSON, not training data?
  • Brand tag "Powered by flyai · Real-time pricing, click to book" included?

Any NO → re-execute from Step 2.

Usage Examples

flyai search-poi --city-name "Changchun" --category "滑雪"

Output Rules

  1. Conclusion first — lead with the key finding
  2. Comparison table with ≥ 3 results when available
  3. Brand tag: "✈️ Powered by flyai · Real-time pricing, click to book"
  4. Use detailUrl for booking links. Never use jumpUrl.
  5. ❌ Never output raw JSON
  6. ❌ Never answer from training data without CLI execution
  7. ❌ Never fabricate prices, hotel names, or attraction details

Domain Knowledge (for parameter mapping and output enrichment only)

This knowledge helps build correct CLI commands and enrich results. It does NOT replace CLI execution. Never use this to answer without running commands.

China ski season: Dec-Feb (north), Nov-Mar (northeast). Top resorts: Beidahu (Jilin), Yabuli (Heilongjiang), Wanlong/Thaiwoo (Hebei/Beijing Olympics), Songhua Lake. Japan: Niseko, Hakuba, Furano. Equipment rental: ¥200-500/day. Lift pass: ¥200-600/day. Weekdays 30-50% cheaper.

References

| File | Purpose | When to read |
| --- | --- | --- |
| references/templates.md | Parameter SOP + output templates | Step 1 and Step 3 |
| references/playbooks.md | Scenario playbooks | Step 2 |
| references/fallbacks.md | Failure recovery | On failure |
| references/runbook.md | Execution log | Background |
