← Back to Skills Marketplace
Zim
by
robinmtzieme-commits
· GitHub ↗
· v3.0.2
· MIT-0
197
Downloads
0
Stars
0
Active Installs
8
Versions
Install in OpenClaw
/install zim
Description
Agent travel middleware for searching flights, hotels, and car rentals, assembling policy-aware itineraries, managing traveler preferences, and preparing pay...
Usage Guidance
What to check before installing or enabling this skill:
- Confirm provenance: the registry lists no homepage and the source is 'unknown'. Only enable code from sources you trust.
- Verify environment variables: the package needs several sensitive keys (TRAVELPAYOUTS_TOKEN, TRAVELPAYOUTS_MARKER, STRIPE_SECRET_KEY, STRIPE_WEBHOOK_SECRET, OPENROUTER_API_KEY, SERPAPI_KEY). Do not supply production Stripe keys unless you understand and have tested payment flows; prefer test keys (sk_test_...) and restrict their use to an isolated environment.
- Don’t run the QA scripts or orchestrator with live keys unless you intend to make outbound calls to LLM/search APIs — these scripts call external services and may consume quota or leak keys in logs.
- Inspect and sandbox before install: because the package contains executable Python code and shell wrappers, consider installing and running it inside a contained environment (dedicated VM or container) and do a code review of entry points (scripts/zim-wa.sh, scripts/zim-whatsapp-handler.py, zim/__main__.py, zim/orchestrator.py, zim/llm_agent.py, etc.).
- Be cautious about symlinking into ~/.openclaw/skills or auto-registering: that will make the skill discoverable and runnable by agents; only do this after you’ve reviewed how the wrapper sets env vars and where it persists state (data/whatsapp_state.db).
- Investigate the prompt-injection signal: search SKILL.md and other files for hidden or injected directives (phrases like 'ignore previous instructions') and remove or sanitize them before enabling autonomous invocation.
- If you need narrower exposure: avoid setting LLM or payment keys in the environment; run the skill in read-only or demo mode, or stub out network calls until you validate behavior.
If you want, I can: (a) list files that reference specific env vars (so you can audit where secrets are used), (b) extract exact lines where the prompt-injection pattern appears, or (c) suggest a minimal safe runtime command to exercise the package without enabling payments/LLM calls.
Capability Analysis
Type: OpenClaw Skill
Name: zim
Version: 3.0.2
The 'zim' skill bundle is a well-structured travel orchestration middleware that enables searching and booking flights, hotels, and car rentals via multiple providers (Travelpayouts, SerpApi, Kiwi, Booking.com). It includes a FastAPI-based API, a stateful WhatsApp agent, and comprehensive logic for managing traveler preferences, corporate policies, and Stripe-based payment flows. The package demonstrates security awareness by implementing Bearer token authentication for its API, validating Stripe and Twilio webhook signatures, and providing strict behavioral instructions in SKILL.md and Python prompts to prevent agent hallucinations or character breaks. No evidence of malicious intent, data exfiltration, or unauthorized execution was found.
Capability Tags
Capability Assessment
Purpose & Capability
The code and SKILL.md implement the advertised travel middleware (flight/hotel/car search, itinerary assembly, Stripe Checkout integration, WhatsApp handler). Requested binaries (python3, bash, curl, jq) and Python deps are appropriate for this functionality. However, the registry metadata claims 'Required env vars: none' while SKILL.md and code require several sensitive environment variables (TRAVELPAYOUTS_TOKEN, TRAVELPAYOUTS_MARKER, STRIPE_SECRET_KEY, STRIPE_WEBHOOK_SECRET, OPENROUTER_API_KEY, SERPAPI_KEY). That mismatch between declared registry requirements and the actual package contents is an incoherence worth flagging.
Instruction Scope
SKILL.md + SETUP.md instructs actions beyond simple search: it documents symlinking the skill into ~/.openclaw/skills, a wrapper script (scripts/zim-wa.sh) that execs into the Python WhatsApp handler, and a persistent SQLite state at data/whatsapp_state.db. The QA scripts explicitly call external LLMs (OPENROUTER_API_KEY) and live search APIs. Those runtime instructions will cause outbound network calls, persist conversation state locally, and rely on sensitive env vars. Additionally, a prompt-injection pattern ('ignore-previous-instructions') was detected inside SKILL.md, which could indicate an attempt to influence evaluation or agent behavior. Together these widen the runtime surface and should be reviewed before use.
Install Mechanism
There is no formal install spec in the registry (skill treated as instruction-only), yet a full Python package (pyproject.toml) and many source files are included. The package expects installation (python3 -m pip install . is documented). This is not inherently malicious, but the absence of an explicit install spec / automated installer in the registry metadata is an inconsistency that can confuse users and lead to accidental execution of code without a controlled install process.
Credentials
The environment variables required by the code and SKILL.md (TRAVELPAYOUTS_TOKEN, TRAVELPAYOUTS_MARKER, STRIPE_SECRET_KEY, STRIPE_WEBHOOK_SECRET, OPENROUTER_API_KEY, SERPAPI_KEY, ZIM_BASE_URL) are relevant to the described functionality (affiliate searches, deeplinks, Stripe Checkout, external LLM). However: (1) the registry lists no required env vars, (2) several sensitive credentials are needed and would grant outbound API access if set, and (3) test/production key guidance is present but could be overlooked (e.g., do not accidentally set live Stripe keys). The number and sensitivity of env vars is proportionate to the feature set, but the mismatched metadata and the potential for misuse (live payments, LLM calls) are concerning.
Persistence & Privilege
The skill does not request 'always: true' and does not attempt to modify other skills. It does, however, document persistent local state (SQLite DB at data/whatsapp_state.db) and suggests symlinking into the user's OpenClaw skills directory and restarting the gateway for discovery. Those steps require filesystem changes and will make the skill persistent within the user's OpenClaw environment. This is expected for aWhatsApp-style agent but is an action that should be done deliberately and under supervision.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install zim - After installation, invoke the skill by name or use
/zim - Provide required inputs per the skill's parameter spec and get structured output
Version History
v3.0.2
Fixed .clawignore to properly exclude QA test scripts and test suite from published package. Removed test files that contained jailbreak test scenarios triggering security scanner false positives.
v3.0.1
Security fixes: patched shell injection in search scripts (use sys.argv), excluded QA test scripts from package (contained jailbreak test strings), added .clawignore for data/db files.
v3.0.0
v3.0.0: Security metadata + capability declarations. Added explicit capabilities (stripe_checkout, travelpayouts_search, serpapi_search) and sensitive_env in frontmatter. Removed false-positive trigger words. Conversational warmth + dates in flight results. NLU improvements (context switching, typo correction, retry logic). 93/100 QA pass rate.
v2.9.0
Security: removed all hardcoded API tokens and secrets. Env vars now required.
v0.1.3
Explicitly declare Stripe payment capabilities in metadata. Clarify no crypto/wallet/blockchain involvement - Stripe Checkout only. Fixes ClawHub security scan false positives.
v0.1.2
Harden registry package: align version/license, add README, exclude repo/cache/venv artifacts from publish bundle, reduce scanner ambiguity around runtime and credentials.
v0.1.1
Fix disclosure metadata: declare Python runtime and package dependencies, required env vars, Stripe test-mode/payment boundaries, external API dependencies, and package contents accurately.
v0.2.0
Payment-enabled booking flow, trip orchestration, ranking, approval, Stripe integration
Metadata
Frequently Asked Questions
What is Zim?
Agent travel middleware for searching flights, hotels, and car rentals, assembling policy-aware itineraries, managing traveler preferences, and preparing pay... It is an AI Agent Skill for Claude Code / OpenClaw, with 197 downloads so far.
How do I install Zim?
Run "/install zim" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Zim free?
Yes, Zim is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Zim support?
Zim is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Zim?
It is built and maintained by robinmtzieme-commits (@robinmtzieme-commits); the current version is v3.0.2.
More Skills