← Back to Skills Marketplace
89
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install pete2048-travel-smart
Description
自驾出行决策助手 - 高速出口推荐、途中住宿、打车点推荐三大场景。 高德地图 Web API + 多因子评分算法,支持 CLI / Web / 飞书三种使用方式。 必填环境变量:AMAP_KEY(高德地图);可选:MINIMAX_API_KEY、FEISHU_APP_ID、FEISHU_APP_SECRET。
Usage Guidance
Things to check before installing/running:
- The code requires an AMAP_KEY (Amap Web API). The registry metadata omitted this — set AMAP_KEY yourself and verify you understand its use.
- Feishu integration is optional but if you set FEISHU_APP_ID/FEISHU_APP_SECRET the server will attempt to post messages. The code has a default FEISHU_CHAT_ID value; override it or remove the default to avoid sending messages to an unexpected chat.
- server.py binds to 0.0.0.0 and exposes /notify with no authentication. If you run the server, bind to localhost (127.0.0.1) or firewall the port, or implement auth for /notify before exposing it to other hosts.
- RouterAgent can call an external LLM (minimaxi) if MINIMAX_API_KEY is provided; this will transmit user-provided text to that service. Only provide LLM keys if you accept that.
- Review config/api_keys.yaml/.env example to ensure secrets are stored safely and not committed to public repos.
- Overall: code looks consistent with its purpose, but address the undocumented/default Feishu chat id, the manifest omission for AMAP_KEY, and the unauthenticated public endpoint before deploying in a shared or public environment.
Capability Analysis
Type: OpenClaw Skill
Name: pete2048-travel-smart
Version: 1.0.2
The skill bundle contains a hardcoded Feishu (Lark) Chat ID (oc_b596d3738065b40181b73144a8943999) and a '/notify' endpoint in 'server.py' that is unrelated to the travel assistant's core functionality. This endpoint is described as a callback for a 'quantitative system' and allows external entities to send messages to the hardcoded chat using the user's FEISHU_APP_ID and FEISHU_APP_SECRET. While the primary travel logic appears benign, the presence of an undocumented notification bridge to a specific external chat ID is a significant privacy risk and potential data exfiltration vector.
Capability Tags
Capability Assessment
Purpose & Capability
The code implements the stated features (Amap-based highway/hotel/taxi recommendation and optional LLM/Feishu integration). However the registry metadata omitted declaring the required AMAP_KEY even though SKILL.md and code require it; that's an inconsistency in the package manifest that could mislead users. Optional MINIMAX (LLM) and Feishu credentials are consistent with optional features.
Instruction Scope
SKILL.md stays within purpose (calls Amap, optionally an LLM, optionally pushes to Feishu). The runtime instructions request only AMAP_KEY (and optional MINIMAX/FEISHU creds). Implementation details reveal additional behavior to be aware of: server.py exposes a /notify endpoint and defaults FEISHU_CHAT_ID to a specific id (hardcoded value) if not provided — meaning notifications could be sent to that chat if FEISHU creds are present. RouterAgent will call an external LLM endpoint (minimaxi) when used; the SKILL.md documents this as optional.
Install Mechanism
No install spec; it's code + requirements.txt (requests, pyyaml, loguru). No remote downloads or opaque installers. Typical Python dependency footprint; low install mechanism risk.
Credentials
Requested/used env vars in code (AMAP_KEY required; optional MINIMAX_API_KEY, FEISHU_APP_ID, FEISHU_APP_SECRET, LLM_BASE_URL) are proportionate to the declared features. However the package registry did not declare AMAP_KEY as required (manifest omission). Additionally server.py uses FEISHU_CHAT_ID with a default hardcoded value ('oc_b596d3738065b40181b73144a8943999') — this default is not documented in SKILL.md and could result in messages being sent to an unexpected external chat if Feishu credentials are configured. The code also reads config/api_keys.yaml as an alternate source for keys; that's reasonable but should be documented.
Persistence & Privilege
The skill does not request 'always: true' and is not inherently persistent, which is good. However server.py binds Flask to 0.0.0.0 (all interfaces) and exposes an unauthenticated /notify endpoint that will use FEISHU credentials (if set) to post messages to the configured chat id. If the server is run on a host reachable by others, this creates an attack surface (remote callers could trigger outbound messages). Recommend restricting binding to localhost or adding auth and removing/overriding the hardcoded FEISHU_CHAT_ID default.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install pete2048-travel-smart - After installation, invoke the skill by name or use
/pete2048-travel-smart - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
完整源码包,重新触发安全扫描
v1.0.1
修复:加入完整源码 + 修复元数据矛盾(必填AMAP_KEY已在描述中明确)
v1.0.0
Initial release - 自驾出行决策助手
Metadata
Frequently Asked Questions
What is TravelSmart?
自驾出行决策助手 - 高速出口推荐、途中住宿、打车点推荐三大场景。 高德地图 Web API + 多因子评分算法,支持 CLI / Web / 飞书三种使用方式。 必填环境变量:AMAP_KEY(高德地图);可选:MINIMAX_API_KEY、FEISHU_APP_ID、FEISHU_APP_SECRET。 It is an AI Agent Skill for Claude Code / OpenClaw, with 89 downloads so far.
How do I install TravelSmart?
Run "/install pete2048-travel-smart" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is TravelSmart free?
Yes, TravelSmart is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does TravelSmart support?
TravelSmart is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created TravelSmart?
It is built and maintained by Pete2048 (@pete2048); the current version is v1.0.2.
More Skills