
Agent Hotel Booking

Author: leo9 · GitHub ↗ · v1.0.2
cross-platform ⚠ suspicious
Total downloads: 592
Favorites: 0
Current installs: 0
Versions: 3
Install in OpenClaw
/install brek-ai
Description
Integrate with Brek Partner Core Chat API for hotel-search and booking assistant flows. Use when an agent needs to create or continue Brek chat sessions, sen...
Usage instructions (SKILL.md)

Brek AI Partner Core Chat

Execute Brek through /api/partner/v1/core-chat.

Use this execution order:

  1. Create one session per end user (POST /sessions) with a stable actor.actorId.
  2. Reuse that session for all follow-up messages (POST /events).
  3. Read the latest state when needed (GET /sessions/{sessionId}).

Do not share one session across different users.

Required runtime inputs

Require these inputs before calling Brek:

  • BREK_BASE_URL
  • BREK_PARTNER_API_KEY
  • actorId (stable partner-side end-user ID)
  • workspaceId or tenant context if your product uses workspaces
  • partnerId (stable partner tenant ID for idempotency and billing grouping)
  • clientActionId for each write-like event kind

If one required input is missing, stop and request it.

If BREK_PARTNER_API_KEY is missing:

  • stop outbound calls
  • ask the user to get the key from their internal owner or approved support channel
  • never request secrets through unapproved channels

Call safety guardrails

Apply these guardrails before every upstream call:

  1. Enforce local budget limits from references/call-control.md.
  2. Attach a deterministic idempotencyKey for all write-like event kinds.
  3. Respect 429 with retry-after and exponential backoff.
  4. Open a circuit breaker after repeated 5xx or timeout failures.
  5. Log x-request-id, x-partner-id, x-ratelimit-limit, and x-ratelimit-remaining.

Never retry booking or payment-confirm actions without the same idempotencyKey.

Event-kind rules

When kind is one of:

  • command_book_by_option_id
  • action_book_option
  • action_confirm_price_change
  • action_confirm_payment_card
  • action_cancel_booking

Always include idempotencyKey.

Generate idempotencyKey as:

  • <partnerId>:<sessionId>:<kind>:<clientActionId>

If partnerId is unavailable in your runtime, use stable tenant context (for example workspaceId) and keep the key format deterministic.
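
A sketch of the key format and retry guardrails above, as an added example that is not code from the skill bundle. The function names, the top-level placement of idempotencyKey in the event body, the 500 ms base delay and the attempt limit are assumptions; the event kinds and the key format come from the page.

```javascript
// Added example; not code from the skill bundle.
const WRITE_LIKE_KINDS = new Set([
  "command_book_by_option_id",
  "action_book_option",
  "action_confirm_price_change",
  "action_confirm_payment_card",
  "action_cancel_booking",
]);

// Parts are joined with ':', so a ':' inside a part could make two different
// actions share one key. Reject such input instead of escaping it.
function buildIdempotencyKey({ partnerId, workspaceId, sessionId, kind, clientActionId }) {
  const tenant = partnerId || workspaceId; // fallback allowed by SKILL.md
  const parts = [tenant, sessionId, kind, clientActionId];
  for (const part of parts) {
    if (typeof part !== "string" || part === "" || part.includes(":")) {
      throw new Error("idempotency key part is missing or contains ':'");
    }
  }
  return parts.join(":");
}

// Assumption: idempotencyKey is a top-level field of the event body.
function buildEvent(ctx, kind, body = {}) {
  const event = { kind, ...body };
  if (WRITE_LIKE_KINDS.has(kind)) {
    event.idempotencyKey = buildIdempotencyKey({ ...ctx, kind });
  }
  return event;
}

// Map a response to the next step. The event object is never rebuilt here,
// so every retry carries the same idempotencyKey.
function nextAction(status, headers, attempt, maxAttempts = 4) {
  if (status === 401 || status === 403) return { action: "stop" };
  if (status === 429 || status >= 500) {
    if (attempt >= maxAttempts) {
      return { action: status >= 500 ? "open_breaker" : "fail" };
    }
    const retryAfterMs = Number(headers["retry-after"]) * 1000;
    const backoffMs = 500 * 2 ** (attempt - 1); // assumed base delay
    const delayMs = retryAfterMs > 0 ? Math.max(retryAfterMs, backoffMs) : backoffMs;
    return { action: "retry_same_key", delayMs };
  }
  return { action: status >= 400 ? "fail" : "done" };
}
```

Build the event once per clientActionId and pass the same object to every retry; generating a new clientActionId on retry defeats deduplication of booking and payment actions.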

Payment handling

Handle payment in two layers:

  1. End-user card setup and confirmation in secure portal flow.
  2. Agent-to-agent usage billing and settlement.

Follow references/payment-and-billing.md for both layers.

Hard rules:

  • Never request or store raw card number, CVV, or full PAN in chat.
  • Accept only tokenized paymentMethodId from provider-hosted fields.
  • Require explicit user confirmation before action_confirm_payment_card and booking actions.

Response mapping

Map Brek response as:

  • data.result.status -> state machine key for UI and orchestration
  • data.result.message.text -> user-visible assistant text
  • data.result.artifacts -> structured payload (shortlist, payment setup URL, booking metadata)

Error handling

  • 400: request validation failed. Fix payload.
  • 401/403: API key issue. Stop calls. Tell user to rotate or provision key through their internal owner or approved support channel.
  • 404: session not found or wrong tenant.
  • 409: actor/session mismatch. Recreate correct session.
  • 429: throttle locally and retry by retry-after.
  • 5xx: retry with backoff, then open breaker.

References

Read only what you need:

  • API payload templates: references/api-templates.md
  • Call-control and anti-abuse policy: references/call-control.md
  • Payment and billing orchestration: references/payment-and-billing.md
Security recommendations
This skill appears to be what it says: a Brek partner core-chat integration. Before installing, verify these points:

  1. Confirm which metadata is authoritative: the package registry claims no required env but SKILL.md requires BREK_BASE_URL and BREK_PARTNER_API_KEY; do not provide your API key until you resolve this discrepancy.
  2. Ensure the platform will store BREK_PARTNER_API_KEY securely (encrypted at rest, access-controlled) and will not leak it in logs, prompts, or telemetry.
  3. Enforce the idempotency, rate-limit, and budget controls described (dedupe store, budget kill-switch); otherwise you may incur unexpected charges.
  4. Because this is an instruction-only skill (no code to audit), run it in a least-privilege execution environment and review network egress policies so the agent can only call your intended BREK_BASE_URL.
  5. Confirm the product enforces the SKILL.md's prohibition on collecting raw card data and that any payment flows rely on provider-hosted tokenized fields.

If you cannot validate the registry/skill metadata mismatch or secure secret storage, treat the skill as high-risk and delay granting it access to real credentials.
Functional analysis
Type: OpenClaw Skill Name: brek-ai Version: 1.0.2 The skill bundle is classified as suspicious due to a potential Server-Side Request Forgery (SSRF) vulnerability identified in the `brekRequest` function within `references/api-templates.md`. The function constructs a URL by concatenating `BREK_BASE_URL` and a `path` variable. If dynamic parts of the `path` (e.g., `{sessionId}` as used in `GET /sessions/{sessionId}`) are derived from unsanitized user input by the AI agent, an attacker could inject arbitrary URLs or paths, potentially leading to unauthorized internal network access or data exfiltration. While the `SKILL.md` provides strong security instructions (e.g., never request raw card data, never request secrets via unapproved channels) and the overall intent appears benign, this code pattern represents a significant vulnerability.
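
One way to close the concatenation risk described above is to validate the dynamic segment and re-check the parsed URL before sending. This is an added example, not the bundle's `brekRequest`; the function name, the session-id pattern, the placeholder host `api.brek.example`, and the assumption that BREK_BASE_URL is an origin without a path are all assumptions.

```javascript
// Added example; not the bundle's brekRequest.
const API_PREFIX = "/api/partner/v1/core-chat";
// Assumed id alphabet; tighten to the real session-id format.
const SESSION_ID_RE = /^[A-Za-z0-9_-]{1,128}$/;

function sessionUrl(baseUrl, sessionId) {
  const base = new URL(baseUrl); // throws on malformed input
  if (base.protocol !== "https:" || base.username || base.password) {
    throw new Error("BREK_BASE_URL must be https and carry no credentials");
  }
  // Allowlist first: no '/', '.', '?', '#', '@' or whitespace can reach the path.
  if (typeof sessionId !== "string" || !SESSION_ID_RE.test(sessionId)) {
    throw new Error("sessionId rejected");
  }
  const url = new URL(
    `${API_PREFIX}/sessions/${encodeURIComponent(sessionId)}`,
    base.origin
  );
  // Defence in depth: after parsing, the request must still target the
  // configured origin and stay under the sessions path.
  if (url.origin !== base.origin ||
      !url.pathname.startsWith(`${API_PREFIX}/sessions/`)) {
    throw new Error("resolved URL left the Brek API scope");
  }
  return url.href;
}
```

Pair this with an egress policy that only permits the BREK_BASE_URL host, so a validation gap in the agent does not become network reach.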
Capability assessment
Purpose & Capability
The skill's declared purpose (Brek Partner Core Chat for hotel search/booking) matches the runtime instructions and API templates: calls to BREK_BASE_URL, use of a partner API key, idempotency, rate-limiting and payment flow rules are appropriate for this integration. The required runtime inputs (actorId, workspaceId, partnerId, clientActionId) and storage requirements (idempotency store, budget/usage logs) also make sense for a booking/billing integration.
Instruction Scope
SKILL.md narrowly instructs how to create/reuse sessions, send events, enforce call-control, handle idempotency, and do payment setup without collecting raw card data. It does not ask the agent to read unrelated system files or exfiltrate data to third-party endpoints; all external calls are described as going to BREK_BASE_URL. The included references restrict behavior (e.g., never collect PAN/CVV) which reduces scope creep.
Install Mechanism
This is instruction-only with no install spec and no code files to execute. That means there is no automated download or install risk from the skill package itself. However, instruction-only status also means there is nothing to audit beyond the prose.
Credentials
The SKILL.md metadata lists BREK_BASE_URL and BREK_PARTNER_API_KEY as required_env_vars and sets BREK_PARTNER_API_KEY as primary_credential — which is appropriate for the described integration — but the registry-level requirements section at the top of the package claims 'Required env vars: none' and 'Primary credential: none'. This metadata mismatch is an incoherence: the skill will need an API key at runtime but the registry entry does not declare it. Verify which is authoritative. Apart from that, the set of secrets requested is limited and proportional to purpose.
Persistence & Privilege
The skill does not request always-on presence and is not marked always:true. It asks implementers to maintain local dedupe/budget/usage stores, which is reasonable for idempotency and billing; that implies persistent storage but not elevated system-wide privileges. The agents/openai.yaml file sets allow_implicit_invocation: false, which is a good restriction (prevents implicit invocation by default).
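How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install brek-ai
  3. Once installation completes, call the Skill by name or trigger it with /brek-ai
  4. Provide the required inputs according to the Skill's parameter description to get structured output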
Version history
v1.0.2
Version 1.0.2

  • Added initial OpenAI agent configuration file: agents/openai.yaml
  • Updated SKILL.md to include a metadata section detailing required environment variables, inputs, and storage requirements.

v1.0.1
brek-ai v1.0.1

  • Added `partnerId` and `clientActionId` as required inputs before operations; included deterministic idempotency guidance if `partnerId` is missing.
  • Clarified secure process for handling missing API keys—direct users to internal owners or approved support channels rather than email contacts.
  • Revised payment and error handling instructions to avoid requesting secrets or card data through unapproved channels.
  • Updated error handling: now instructs on using internal procedures to rotate or provision API keys instead of publicly emailing for access.
  • Improved guarding on when to stop outbound calls if required inputs are missing.

v1.0.0

  • Initial release of the brek-ai-skill for integrating with Brek Partner Core Chat API.
  • Supports hotel search and booking assistant flows with secure session management.
  • Enforces anti-abuse call controls and idempotency requirements for booking and payment actions.
  • Handles payment via tokenized methods and explicit user confirmation, without collecting raw card data.
  • Provides clear runtime input requirements and error handling guidance.
  • Includes response mapping standards for UI/orchestration.
Metadata
Slug brek-ai
Version 1.0.2
License
Total installs 0
Current installs 0
Number of versions 3
FAQ

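What is Agent Hotel Booking?

Integrate with Brek Partner Core Chat API for hotel-search and booking assistant flows. Use when an agent needs to create or continue Brek chat sessions, sen... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 592 total downloads so far.

How do I install Agent Hotel Booking?

Run the command "/install brek-ai" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration required.

Is Agent Hotel Booking free?

Yes, Agent Hotel Booking is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Agent Hotel Booking support?

Agent Hotel Booking runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Agent Hotel Booking?

It is developed and maintained by leo9 (@leo9); the current version is v1.0.2.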
