← Back to Skills Marketplace

Check Bookings Phone

Name: Check Bookings Phone
Author: zcqqq

by Chao Zheng · GitHub ↗ · v1.0.2

cross-platform ⚠ suspicious

455

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install check-bookings-phone

Description

检查携程旅行app预售订单的日期可用性。通过ADB连接Android设备，自动化操作携程app，遍历"未使用预售订单"中的每个订单，查询指定日期范围内每天的预约状态（可约、约满、补差价等）。当用户提到检查携程订单、查看预售订单可用日期、查酒店预约状态时触发此skill。

README (SKILL.md)

携程预售订单日期可用性检查

通过 midscene.js 驱动 ADB 连接的 Android 设备，自动化操作携程旅行 app，遍历预售订单并提取指定日期的预约状态。

Setup（首次使用时执行）

Skill 目录：本文件所在目录（下称 $SKILL_DIR）。

1. 安装依赖

cd $SKILL_DIR && npm install

2. 配置环境变量

在系统环境变量或 $SKILL_DIR/.env 中设置以下变量：

火山引擎 Doubao（推荐）：

MIDSCENE_MODEL_API_KEY=\x3Cyour-api-key>
MIDSCENE_MODEL_BASE_URL=https://ark.cn-beijing.volces.com/api/v3
MIDSCENE_MODEL_NAME=doubao-seed-2-0-lite-260215
MIDSCENE_USE_DOUBAO_VISION=true

模型配置请参考 midscene.js 文档。

OpenClaw 用户： 可在 ~/.openclaw/openclaw.json 中配置环境变量，安装时会自动注入。

运行

cd $SKILL_DIR && npx tsx scripts/checkBookings.ts --from 2026-05-01 --to 2026-05-05

参数说明：

--from — 起始日期，格式 YYYY-MM-DD，默认 2026-05-01
--to — 结束日期，格式 YYYY-MM-DD，默认 2026-05-05

支持跨月查询（如 4月28日到5月3日），脚本会自动按月滚动日历并分别提取。

安装到 OpenClaw

npx skills add \x3Crepo-path> -a openclaw

隐私提示

本 skill 通过 @midscene/android 对手机屏幕截图并发送至 MIDSCENE_MODEL_BASE_URL 指定的视觉模型 API 进行分析。屏幕上的订单信息（酒店名称、价格、日期等）会作为截图内容传输到该外部服务。请确保你了解并接受所用模型服务的数据处理政策。

前置条件

Android 设备已通过 USB 连接并开启 ADB 调试（adb devices 能看到设备）
携程旅行 app 已安装且已登录

自动化流程

脚本按以下屏幕顺序操作，每一屏的处理时间会被记录并在结束时汇总打印：

第1屏（我的页面）：检测或导航到携程"我的"页面，点击"全部订单"
第2屏（全部订单）：点击"未使用预售订单"选项
第3屏（订单列表）：查询订单总数，逐个点击"在线预约"
第4屏（订单详情）：点击"立即预约"打开日期选择器
第5屏（日期选择）：滚动到目标月份，提取每日预约状态
关闭日期选择器 → 返回订单列表 → 处理下一个订单

输出

控制台打印每个订单在目标日期范围内的状态，例如：

订单 1: 南京某酒店
  5月1日: 约满
  5月2日: 剩1间 补¥200
  5月3日: 可约

末尾打印每一屏的处理耗时和总耗时。

使用示例

# 查询5月1日-5日（默认）
npx tsx scripts/checkBookings.ts

# 查询五一到五四
npx tsx scripts/checkBookings.ts --from 2026-05-01 --to 2026-05-04

# 跨月查询：4月28日到5月3日
npx tsx scripts/checkBookings.ts --from 2026-04-28 --to 2026-05-03

# 查询端午假期
npx tsx scripts/checkBookings.ts --from 2026-06-25 --to 2026-06-27

Usage Guidance

This skill appears to do what it says (automate Ctrip via ADB and query calendar statuses), but it sends screenshots from your phone to an external visual model endpoint. Before installing: 1) Confirm and trust the MIDSCENE_MODEL_BASE_URL you will use (do not use unknown or third‑party endpoints). 2) Be aware screenshots may include hotel names, prices, dates, and other personal info — avoid running on a device with sensitive apps/accounts logged in. 3) Note the registry metadata omits the required MIDSCENE_* env vars declared in SKILL.md; verify required env vars are documented and stored securely (e.g., not world-readable .env). 4) Inspect package-lock.json if you need to audit third‑party dependencies. If you have concerns about sending screenshots externally, consider running the script against an emulator or a local/private model service, or modify the code to perform analysis locally.

Capability Analysis

Type: OpenClaw Skill Name: check-bookings-phone Version: 1.0.2 This skill is classified as suspicious due to significant privacy risks and a critical prompt injection vulnerability. The `SKILL.md` explicitly states that screenshots containing sensitive user data (e.g., hotel names, prices, dates from the Ctrip app) are sent to an external AI model API (`MIDSCENE_MODEL_BASE_URL`) for analysis. While disclosed, this constitutes data exfiltration to a third party. Furthermore, the `scripts/checkBookings.ts` file contains an `aiActionContext` instruction to "点击同意/允许" (click agree/allow) for *any* permission pop-ups, which is a critical prompt injection vulnerability that could be exploited to grant dangerous permissions to malicious applications on the connected Android device. The script also uses `agent.runAdbShell` to execute direct ADB shell commands, a powerful primitive that, while used benignly here, represents a high-risk capability.

Capability Assessment

ℹ Purpose & Capability

The name/description, dependency on @midscene/android, and the script's ADB automation are coherent: this skill legitimately needs an external vision model to analyze screenshots. However the registry metadata lists no required env vars while SKILL.md explicitly requires MIDSCENE_MODEL_* variables — an inconsistency between declared metadata and runtime instructions.

⚠ Instruction Scope

Runtime instructions and the script take screenshots of the device UI and send them to the MIDSCENE_MODEL_BASE_URL visual model API for OCR/analysis. The SKILL.md does warn about screenshots containing order/hotel details being transmitted, but this behavior is sensitive (it transmits potentially personal/financial info) and constitutes data exfiltration to an external service.

✓ Install Mechanism

No arbitrary download install is present; dependencies are standard npm packages (listed in package.json / package-lock.json). Installation uses npm install (traceable). This is moderate risk but expected for a Node/TS skill.

⚠ Credentials

The script needs MIDSCENE_MODEL_API_KEY, MIDSCENE_MODEL_BASE_URL, MIDSCENE_MODEL_NAME (and optionally MIDSCENE_USE_DOUBAO_VISION) — these are justified by the use of a hosted vision model. The concern is (a) the registry metadata omitted these required env vars, and (b) these credentials grant an external service access to screenshots of your device, so they are sensitive and should only be given to a trusted endpoint.

✓ Persistence & Privilege

Skill does not request always:true and does not modify other skills or system-wide configuration. It runs ad-hoc when invoked and uses the agent to control an attached Android device; no elevated platform privileges are requested.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install check-bookings-phone
After installation, invoke the skill by name or use /check-bookings-phone
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.2

- Added a new section for required environment variables in the SKILL.md file. - Included an explicit privacy notice about screenshot transmission to external visual model APIs. - No changes to code or behavior; documentation only.

v1.0.1

- Updated dependencies in package-lock.json to ensure latest compatible versions. - No changes to functionality or user-facing features.

v1.0.0

Initial release

Metadata

Slug check-bookings-phone

Version 1.0.2

License —

All-time Installs 0

Active Installs 0

Total Versions 3

Frequently Asked Questions

What is Check Bookings Phone?

检查携程旅行app预售订单的日期可用性。通过ADB连接Android设备，自动化操作携程app，遍历"未使用预售订单"中的每个订单，查询指定日期范围内每天的预约状态（可约、约满、补差价等）。当用户提到检查携程订单、查看预售订单可用日期、查酒店预约状态时触发此skill。 It is an AI Agent Skill for Claude Code / OpenClaw, with 455 downloads so far.

How do I install Check Bookings Phone?

Run "/install check-bookings-phone" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Check Bookings Phone free?

Yes, Check Bookings Phone is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Check Bookings Phone support?

Check Bookings Phone is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Check Bookings Phone?

It is built and maintained by Chao Zheng (@zcqqq); the current version is v1.0.2.

More Skills