← 返回 Skills 市场
zcqqq

Check Bookings Phone

作者 Chao Zheng · GitHub ↗ · v1.0.2
cross-platform ⚠ suspicious
455
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install check-bookings-phone
功能描述
检查携程旅行app预售订单的日期可用性。通过ADB连接Android设备,自动化操作携程app,遍历"未使用 预售订单"中的每个订单,查询指定日期范围内每天的预约状态(可约、约满、补差价等)。当用户提到检查携程订单、查看预售订单可用日期、查酒店预约状态时触发此skill。
使用说明 (SKILL.md)

携程预售订单日期可用性检查

通过 midscene.js 驱动 ADB 连接的 Android 设备,自动化操作携程旅行 app,遍历预售订单并提取指定日期的预约状态。

Setup(首次使用时执行)

Skill 目录:本文件所在目录(下称 $SKILL_DIR)。

1. 安装依赖

cd $SKILL_DIR && npm install

2. 配置环境变量

在系统环境变量或 $SKILL_DIR/.env 中设置以下变量:

火山引擎 Doubao(推荐):

MIDSCENE_MODEL_API_KEY=\x3Cyour-api-key>
MIDSCENE_MODEL_BASE_URL=https://ark.cn-beijing.volces.com/api/v3
MIDSCENE_MODEL_NAME=doubao-seed-2-0-lite-260215
MIDSCENE_USE_DOUBAO_VISION=true

模型配置请参考 midscene.js 文档

OpenClaw 用户: 可在 ~/.openclaw/openclaw.json 中配置环境变量,安装时会自动注入。

运行

cd $SKILL_DIR && npx tsx scripts/checkBookings.ts --from 2026-05-01 --to 2026-05-05

参数说明:

  • --from — 起始日期,格式 YYYY-MM-DD,默认 2026-05-01
  • --to — 结束日期,格式 YYYY-MM-DD,默认 2026-05-05

支持跨月查询(如 4月28日到5月3日),脚本会自动按月滚动日历并分别提取。

安装到 OpenClaw

npx skills add \x3Crepo-path> -a openclaw

隐私提示

本 skill 通过 @midscene/android 对手机屏幕截图并发送至 MIDSCENE_MODEL_BASE_URL 指定的视觉模型 API 进行分析。屏幕上的订单信息(酒店名称、价格、日期等)会作为截图内容传输到该外部服务。请确保你了解并接受所用模型服务的数据处理政策。

前置条件

  • Android 设备已通过 USB 连接并开启 ADB 调试(adb devices 能看到设备)
  • 携程旅行 app 已安装且已登录

自动化流程

脚本按以下屏幕顺序操作,每一屏的处理时间会被记录并在结束时汇总打印:

  1. 第1屏(我的页面):检测或导航到携程"我的"页面,点击"全部订单"
  2. 第2屏(全部订单):点击"未使用 预售订单"选项
  3. 第3屏(订单列表):查询订单总数,逐个点击"在线预约"
  4. 第4屏(订单详情):点击"立即预约"打开日期选择器
  5. 第5屏(日期选择):滚动到目标月份,提取每日预约状态
  6. 关闭日期选择器 → 返回订单列表 → 处理下一个订单

输出

控制台打印每个订单在目标日期范围内的状态,例如:

订单 1: 南京某酒店
  5月1日: 约满
  5月2日: 剩1间 补¥200
  5月3日: 可约

末尾打印每一屏的处理耗时和总耗时。

使用示例

# 查询5月1日-5日(默认)
npx tsx scripts/checkBookings.ts

# 查询五一到五四
npx tsx scripts/checkBookings.ts --from 2026-05-01 --to 2026-05-04

# 跨月查询:4月28日到5月3日
npx tsx scripts/checkBookings.ts --from 2026-04-28 --to 2026-05-03

# 查询端午假期
npx tsx scripts/checkBookings.ts --from 2026-06-25 --to 2026-06-27
安全使用建议
This skill appears to do what it says (automate Ctrip via ADB and query calendar statuses), but it sends screenshots from your phone to an external visual model endpoint. Before installing: 1) Confirm and trust the MIDSCENE_MODEL_BASE_URL you will use (do not use unknown or third‑party endpoints). 2) Be aware screenshots may include hotel names, prices, dates, and other personal info — avoid running on a device with sensitive apps/accounts logged in. 3) Note the registry metadata omits the required MIDSCENE_* env vars declared in SKILL.md; verify required env vars are documented and stored securely (e.g., not world-readable .env). 4) Inspect package-lock.json if you need to audit third‑party dependencies. If you have concerns about sending screenshots externally, consider running the script against an emulator or a local/private model service, or modify the code to perform analysis locally.
功能分析
Type: OpenClaw Skill Name: check-bookings-phone Version: 1.0.2 This skill is classified as suspicious due to significant privacy risks and a critical prompt injection vulnerability. The `SKILL.md` explicitly states that screenshots containing sensitive user data (e.g., hotel names, prices, dates from the Ctrip app) are sent to an external AI model API (`MIDSCENE_MODEL_BASE_URL`) for analysis. While disclosed, this constitutes data exfiltration to a third party. Furthermore, the `scripts/checkBookings.ts` file contains an `aiActionContext` instruction to "点击同意/允许" (click agree/allow) for *any* permission pop-ups, which is a critical prompt injection vulnerability that could be exploited to grant dangerous permissions to malicious applications on the connected Android device. The script also uses `agent.runAdbShell` to execute direct ADB shell commands, a powerful primitive that, while used benignly here, represents a high-risk capability.
能力评估
Purpose & Capability
The name/description, dependency on @midscene/android, and the script's ADB automation are coherent: this skill legitimately needs an external vision model to analyze screenshots. However the registry metadata lists no required env vars while SKILL.md explicitly requires MIDSCENE_MODEL_* variables — an inconsistency between declared metadata and runtime instructions.
Instruction Scope
Runtime instructions and the script take screenshots of the device UI and send them to the MIDSCENE_MODEL_BASE_URL visual model API for OCR/analysis. The SKILL.md does warn about screenshots containing order/hotel details being transmitted, but this behavior is sensitive (it transmits potentially personal/financial info) and constitutes data exfiltration to an external service.
Install Mechanism
No arbitrary download install is present; dependencies are standard npm packages (listed in package.json / package-lock.json). Installation uses npm install (traceable). This is moderate risk but expected for a Node/TS skill.
Credentials
The script needs MIDSCENE_MODEL_API_KEY, MIDSCENE_MODEL_BASE_URL, MIDSCENE_MODEL_NAME (and optionally MIDSCENE_USE_DOUBAO_VISION) — these are justified by the use of a hosted vision model. The concern is (a) the registry metadata omitted these required env vars, and (b) these credentials grant an external service access to screenshots of your device, so they are sensitive and should only be given to a trusted endpoint.
Persistence & Privilege
Skill does not request always:true and does not modify other skills or system-wide configuration. It runs ad-hoc when invoked and uses the agent to control an attached Android device; no elevated platform privileges are requested.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install check-bookings-phone
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /check-bookings-phone 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
- Added a new section for required environment variables in the SKILL.md file. - Included an explicit privacy notice about screenshot transmission to external visual model APIs. - No changes to code or behavior; documentation only.
v1.0.1
- Updated dependencies in package-lock.json to ensure latest compatible versions. - No changes to functionality or user-facing features.
v1.0.0
Initial release
元数据
Slug check-bookings-phone
版本 1.0.2
许可证
累计安装 0
当前安装数 0
历史版本数 3
常见问题

Check Bookings Phone 是什么?

检查携程旅行app预售订单的日期可用性。通过ADB连接Android设备,自动化操作携程app,遍历"未使用 预售订单"中的每个订单,查询指定日期范围内每天的预约状态(可约、约满、补差价等)。当用户提到检查携程订单、查看预售订单可用日期、查酒店预约状态时触发此skill。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 455 次。

如何安装 Check Bookings Phone?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install check-bookings-phone」即可一键安装,无需额外配置。

Check Bookings Phone 是免费的吗?

是的,Check Bookings Phone 完全免费(开源免费),可自由下载、安装和使用。

Check Bookings Phone 支持哪些平台?

Check Bookings Phone 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Check Bookings Phone?

由 Chao Zheng(@zcqqq)开发并维护,当前版本 v1.0.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 留言讨论