← 返回 Skills 市场
baizhexue

Fly Flight

作者 baizhexue · GitHub ↗ · v1.1.1 · MIT-0
cross-platform ⚠ suspicious
410
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install fly-flight
功能描述
Query China domestic transport options through one skill. Use when a user wants domestic flight or high-speed rail results, departure and arrival times, stat...
使用说明 (SKILL.md)

Fly Flight

Use the unified transport entrypoint in this skill to handle China domestic trip lookup for both flights and high-speed rail.

这是一个统一的中国境内出行查询 skill,同时支持航班和高铁。 它通过同一个 transport 入口按 mode 路由到底层 provider。

Requirements

Require the following runtime environment before using this skill:

  • python3
  • node
  • Network access to Tongcheng public flight pages and official 12306 public endpoints

使用这个 skill 前,运行环境必须具备:

  • python3
  • node
  • 能访问同程公开航班页面和 12306 官方公开接口的网络环境

These dependencies are required whether the skill is installed from GitHub or from ClawHub.
无论这个 skill 是从 GitHub 安装还是从 ClawHub 安装,这些依赖都必须满足。

Current implementation status:

  • flight mode is implemented through Tongcheng public flight pages.
  • train mode is implemented through official 12306 public high-speed rail query and public price endpoints.

Quick Start

Flight query:

python3 {baseDir}/scripts/transport_service.py search \
  --mode flight --from 北京 --to 上海 --date 2026-03-20 --sort-by price --pretty

High-speed rail query:

python3 {baseDir}/scripts/transport_service.py search \
  --mode train --from 北京 --to 上海 --date 2026-03-20 \
  --seat-type second_class --sort-by price --pretty

The legacy flight-only entrypoint remains available for backward compatibility:

python3 {baseDir}/scripts/domestic_flight_public_service.py search \
  --from 北京 --to 上海 --date 2026-03-20 --sort-by price --pretty

Optional local HTTP mode:

python3 {baseDir}/scripts/transport_service.py serve --port 8766

Workflow

  1. Determine transport mode. Use flight for flights, airports, airlines, or plane tickets. Use train for high-speed rail, rail tickets, stations, or train numbers. If the user is ambiguous, infer conservatively from their wording or ask.

  2. Route to the correct provider. Use scripts/transport_service.py as the shared entrypoint. Flight mode delegates to scripts/providers/flight_public_service.py. Train mode delegates to scripts/providers/train_public_service.py.

  3. Preserve a shared outer response shape. Return mode, provider, trip_type, outbound, and optional return. Keep mode-specific fields inside each leg's options.

  4. Apply only mode-specific filters that make sense. Flight filters: airline, direct-only, preferred airports. Train filters: train type, seat type, preferred stations.

  5. Summarize results with the mode label. Clearly say whether the result is a flight result or a train result. Treat public-source prices as reference prices that can differ from final checkout prices.

Output Rules

  • Prefer up to 5 options unless the user asked for more.
  • State the exact travel date in YYYY-MM-DD.
  • Keep the outer response consistent across modes.
  • Do not force a single shared field schema for airports and stations; keep mode-specific details inside options.
  • For round trips, clearly separate outbound and return.
  • For train mode, explain that prices come from official public fare data and seat availability comes from public query results.

Resources

安全使用建议
This skill appears to do what it says (China domestic flights and trains) and needs python3, node, and network access to public Tongcheng and 12306 endpoints — which is expected. However, two implementation choices increase risk: (1) the Node extractor eval()s JavaScript taken from fetched HTML, meaning a malicious or tampered page could execute code when you run the skill; (2) the train provider disables SSL certificate verification, making responses vulnerable to man-in-the-middle tampering. If you plan to install/run this skill: (a) only run it in a sandboxed environment or isolated container, (b) avoid running it on machines with sensitive credentials or access, (c) prefer using the sample-state/sample-* options when testing, and (d) consider modifying the code before use — replace eval() with a safer parser (or strict JSON extraction) and enable proper TLS verification. If you cannot audit or patch these issues, treat this skill as higher risk and avoid installing it on critical systems.
功能分析
Type: OpenClaw Skill Name: fly-flight Version: 1.1.1 The skill bundle contains high-risk implementation patterns that introduce critical security vulnerabilities. Specifically, `scripts/extract_tongcheng_state.js` uses `eval()` to parse data extracted from the external website `ly.com`, which creates a potential Remote Code Execution (RCE) vector if the site content is manipulated. Additionally, `scripts/providers/train_public_service.py` explicitly disables SSL certificate verification (`ssl._create_unverified_context()`), exposing the agent to Man-in-the-Middle (MITM) attacks when communicating with `kyfw.12306.cn`. While these appear to be functional choices for web scraping rather than intentional malware, they represent significant security risks.
能力评估
Purpose & Capability
Name/description, required binaries (python3, node), included provider scripts, and declared network access to Tongcheng and 12306 are consistent: python runs the CLI/HTTP entrypoint and providers, node is used to extract a JS payload from scraped flight HTML, and train code queries official 12306 endpoints.
Instruction Scope
Instructions and code perform only transport-related tasks and require network access to public endpoints as stated, but the Node extractor (scripts/extract_tongcheng_state.js) uses eval() to evaluate a payload taken from fetched HTML. Evaluating untrusted HTML content can execute arbitrary JavaScript and is a code-execution/exfiltration vector.
Install Mechanism
There is no remote install/download step; the skill is instruction-only (no install spec) and ships code in the bundle. That reduces supply-chain download risk, but the skill will execute local Python and Node code when invoked.
Credentials
The skill requests no secrets or config paths (appropriate), but the train provider intentionally disables SSL verification (ssl._create_unverified_context()) for 12306 connections, which weakens TLS and increases susceptibility to man-in-the-middle tampering of responses. Network access to public sites is necessary, but disabled verification is disproportionate and risky.
Persistence & Privilege
The skill does not request always:true or elevated persistence; it runs on demand and does not modify other skills or system-wide settings. Autonomous invocation is allowed by default, which is normal for skills.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install fly-flight
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /fly-flight 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.1
Emphasized runtime requirements in both GitHub and ClawHub docs. Added prominent dependency notes for python3, node, and network access. 补充并重点强调了依赖环境说明,明确要求 python3、node 以及可访问公开航班页面和 12306 官方接口的网络环境。
v1.1.0
Added unified flight + high-speed rail transport support, train mode via official 12306 public endpoints, a shared transport entrypoint, bilingual GitHub/ClawHub descriptions, and updated regression coverage. 新增统一的航班+高铁 transport skill,加入基于 12306 官方公开接口的 train 模式、共享 transport 入口、中英双语介绍,以及对应回归测试更新。
v1.0.0
Initial public release: China domestic flight lookup from public web pages, no API key required.
元数据
Slug fly-flight
版本 1.1.1
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 3
常见问题

Fly Flight 是什么?

Query China domestic transport options through one skill. Use when a user wants domestic flight or high-speed rail results, departure and arrival times, stat... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 410 次。

如何安装 Fly Flight?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install fly-flight」即可一键安装,无需额外配置。

Fly Flight 是免费的吗?

是的,Fly Flight 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Fly Flight 支持哪些平台?

Fly Flight 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Fly Flight?

由 baizhexue(@baizhexue)开发并维护,当前版本 v1.1.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论