← Back to Skills Marketplace
Tour Booking
by
danielfoch
· GitHub ↗
· v0.1.0
693
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install tour-booking
Description
Sub-agent for outbound listing-office calls to request and confirm property showing slots using a provided call script and structured payloads. Use when a pa...
Usage Guidance
This skill implements outbound phone calls and will send job data (client name, address, phone, timezone and other metadata) to ElevenLabs when run in live mode. The bundle and SKILL.md do not declare the two required env vars (ELEVENLABS_API_KEY and ELEVENLABS_AGENT_ID) in the registry metadata — that mismatch reduces transparency. Before enabling live calls: 1) Keep to dry-run mode for testing. 2) Review the included scripts (prepare_call_payload.py and place_outbound_call.py) yourself to confirm what fields are sent. 3) Only provide ELEVENLABS credentials in a secure environment, and consider using credentials with limited scope. 4) Do not set ELEVENLABS_OUTBOUND_URL to an untrusted endpoint (it can redirect where PII is sent). 5) If you need higher assurance, ask the publisher to update the registry metadata to declare required env vars and provide an authoritative homepage/source, or run the skill in an isolated environment first.
Capability Analysis
Type: OpenClaw Skill
Name: tour-booking
Version: 0.1.0
The skill is classified as suspicious due to significant vulnerabilities related to input sanitization. The `scripts/prepare_call_payload.py` script directly uses `listing['office_phone']` from user-controlled input as the `to_number` for outbound calls, enabling potential arbitrary phone calls to untrusted destinations. Additionally, the `system_prompt` for the ElevenLabs AI agent is constructed using f-strings with user-controlled inputs (`client_name`, `address`, `preferred_windows_text`), creating a prompt injection vulnerability against the downstream AI agent. While the skill's core function of making outbound calls via ElevenLabs is legitimate, these vulnerabilities could be exploited for malicious purposes if the inputs are not properly sanitized by the calling workflow.
Capability Assessment
Purpose & Capability
The skill's code and docs clearly implement outbound phone calls via ElevenLabs (preparing payloads, placing calls, parsing results) which is coherent with the name/description. However the registry metadata lists no required environment variables or primary credential, while the code and references explicitly require ELEVENLABS_API_KEY and ELEVENLABS_AGENT_ID for live calls. That metadata omission is an inconsistency and reduces transparency.
Instruction Scope
SKILL.md runbook is narrow and actionable: build a payload from a job file, run a dry-run or live call, then parse results. The instructions do not ask the agent to read unrelated system files or credentials. They do rely on files placed in /tmp (job/payload/result), which is expected for this kind of tool.
Install Mechanism
No install spec (instruction-only with bundled scripts). No remote downloads or package installs are performed by the skill; script files are included in the bundle. This is low install risk.
Credentials
Live operation requires ELEVENLABS_API_KEY and ELEVENLABS_AGENT_ID (and optionally ELEVENLABS_OUTBOUND_URL) which are reasonable for a third-party voice service, but the skill metadata does not declare them. The skill will send PII (client name, address, office phone, metadata) to the external ElevenLabs endpoint; the endpoint URL is overrideable via ELEVENLABS_OUTBOUND_URL, which if misconfigured could redirect PII to an arbitrary server. These facts should be disclosed before assigning credentials.
Persistence & Privilege
The skill is not marked always:true and does not request system-wide config changes. It does not attempt to persist credentials or modify other skills. Autonomous invocation is allowed (platform default) but not combined with other high-privilege settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install tour-booking - After installation, invoke the skill by name or use
/tour-booking - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
- Initial release of tour-booking sub-agent for outbound property showing calls.
- Supports structured payload generation and consistent call scripting for listing-office interactions.
- Integrates with ElevenLabs for live or dry-run outbound call execution.
- Parses and normalizes call outcomes into standardized booking statuses.
- Includes clear runbook workflows and caller guardrails for responsible AI communication.
Metadata
Frequently Asked Questions
What is Tour Booking?
Sub-agent for outbound listing-office calls to request and confirm property showing slots using a provided call script and structured payloads. Use when a pa... It is an AI Agent Skill for Claude Code / OpenClaw, with 693 downloads so far.
How do I install Tour Booking?
Run "/install tour-booking" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Tour Booking free?
Yes, Tour Booking is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Tour Booking support?
Tour Booking is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Tour Booking?
It is built and maintained by danielfoch (@danielfoch); the current version is v0.1.0.
More Skills