← Back to Skills Marketplace

台灣即時停車查詢

Name: 台灣即時停車查詢
Author: harperbot

by Harperbot · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

371

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install openclaw-parking-query

Description

傳送定位點或 Google Maps 網址，查詢附近台灣停車場即時空位，附 Apple Maps / Google Maps 一鍵導航連結。支援 Telegram、LINE、iMessage。

Usage Guidance

This skill is internally consistent: it needs only TDX credentials to call the official TDX APIs and the code matches the documentation. Before installing, do these quick checks: (1) Only supply TDX_CLIENT_ID and TDX_CLIENT_SECRET (do not reuse other secrets). (2) Inspect and trust the GitHub repo referenced by update.sh (https://github.com/Harperbot/openclaw-parking-query) before running update.sh or enabling any automated update cron jobs — the script will download and overwrite the skill files. (3) Note that resolving Google short URLs performs an HTTP HEAD with redirects (normal for expanding short map links), so if you pass unfamiliar external URLs be aware the skill will follow redirects to whatever upstream target is returned. If you are comfortable trusting the GitHub source and the TDX service, the skill appears safe to use.

Capability Analysis

Type: OpenClaw Skill Name: openclaw-parking-query Version: 1.0.0 The `skill.yml` file contains a shell injection vulnerability (Remote Code Execution risk) in the `run` command definition. The user-controlled `url` parameter, typed as a string, is directly interpolated into a shell command: `--url "${url}"`. While double-quoted, this can still be exploited by an attacker using command substitution (e.g., `"$(id)"`) to execute arbitrary commands on the host running the OpenClaw agent. This is a critical vulnerability, but it represents a flaw allowing attacks rather than clear evidence of intentional malicious behavior by the skill's author.

Capability Assessment

✓ Purpose & Capability

The skill queries TDX (Transport Data eXchange) for static car-park data and availability and therefore legitimately asks for TDX_CLIENT_ID and TDX_CLIENT_SECRET. The behavior (parsing Google Maps URLs, calling TDX APIs, returning map links) matches the name/description.

✓ Instruction Scope

SKILL.md restricts runtime actions to: set TDX credentials, install requests, copy the skill into the OpenClaw skills directory, and run the included Python script. The Python code only reads the provided coordinates or resolves a Google Maps URL, calls TDX endpoints, caches a token under ~/.openclaw/, and prints results. It does not attempt to read unrelated system files or exfiltrate other environment variables.

ℹ Install Mechanism

There is no formal install spec (instruction-only), which minimizes automatic disk actions. The repo includes update.sh that downloads parking_query.py and skill.yml from a GitHub URL (https://github.com/Harperbot/openclaw-parking-query/raw/main/...). Pulling code from GitHub raw is common but still an external fetch — if you enable automated updates or run update.sh, you should trust that remote repository. requirements.txt only lists requests (standard).

✓ Credentials

The only required secrets are TDX_CLIENT_ID and TDX_CLIENT_SECRET, which are necessary for the TDX API. No other credentials, system config paths, or unrelated environment variables are requested. The token cache is stored under ~/.openclaw/.tdx_token_cache (within OpenClaw path) — expected for caching.

✓ Persistence & Privilege

The skill is not always-enabled and does not request elevated privileges. It writes a token cache under ~/.openclaw/ (its own area) and contains an update helper that can overwrite its own files if run — that is normal for self-updating skills but worth noting before enabling automated cron updates.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install openclaw-parking-query
After installation, invoke the skill by name or use /openclaw-parking-query
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Initial release：全台 TDX 即時停車，支援 Telegram/LINE/iMessage，附導航連結

Metadata

Slug openclaw-parking-query

Version 1.0.0

License —

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is 台灣即時停車查詢?

傳送定位點或 Google Maps 網址，查詢附近台灣停車場即時空位，附 Apple Maps / Google Maps 一鍵導航連結。支援 Telegram、LINE、iMessage。 It is an AI Agent Skill for Claude Code / OpenClaw, with 371 downloads so far.

How do I install 台灣即時停車查詢?

Run "/install openclaw-parking-query" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is 台灣即時停車查詢 free?

Yes, 台灣即時停車查詢 is completely free (open-source). You can download, install and use it at no cost.

Which platforms does 台灣即時停車查詢 support?

台灣即時停車查詢 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created 台灣即時停車查詢?

It is built and maintained by Harperbot (@harperbot); the current version is v1.0.0.

More Skills