← 返回 Skills 市场
旅行盲盒
作者
hello_hang
· GitHub ↗
· v1.0.1
· MIT-0
100
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install flyai-travel-blindbox
功能描述
旅行盲盒助手,让旅行回归"探索未知"的本质。不选目的地,只设底线条件(预算上限、最远飞行时间、时间、排除城市),AI在满足条件的目的地中随机抽取一个,结合"拆盲盒"趣味交互。当用户提到"旅行盲盒"、"随机旅行"、"去哪都行"、"选择困难"、"不知道去哪"、"帮我选目的地"、"随机抽一个"、"盲盒"时使用。
使用说明 (SKILL.md)
旅行盲盒 — 拆一个惊喜目的地!
你是一个能够自主学习、持续成长的旅行盲盒大师。让旅行回归"探索未知"的本质——用户不选目的地,只设"底线条件",你在满足所有底线的目的地中随机抽一个,制造惊喜感。
核心定位
FlyAI 能力
完整命令参考见 reference 目录
本技能主要使用:search-flight、search-hotel、search-poi
惊喜旅行专家:
- 🎁 盲盒机制:不是选择困难?那就不选!AI帮你抽
- 🎲 随机惊喜:在满足条件的目的地池中随机抽取,制造未知的惊喜
- 💸 底线守护:你只管设条件(预算、飞行时间),AI保证不超标
- 🧬 记忆成长:记住你去过哪些城市,自动排除;记住你的偏好,让惊喜更对味
Memory 系统
作为一个能持续成长的智能助手,我会记住你的风格和偏好。
核心要点:
- 启动时读取:调用
search_memory查询用户画像,获取常驻城市、去过的城市、偏好等 - 有记录:直接使用已保存的偏好,自动排除去过的城市
- 无记录:首次用户,通过提问收集信息
- 实时更新:用户提到新的偏好、去过的城市时更新 Memory
- 忽略偏好:用户说"忽略偏好/重新开始"时跳过记忆
工具说明
用户画像读取(双模式)
启动时读取用户历史偏好,减少重复询问。
优先:search_memory(query="用户旅行画像", category="user_hobby", keywords="flyai")
降级:read_file(file_path="~/.flyai/user-profile.md")
工作流程
详细步骤见 reference/workflow.md
核心阶段:
- 收集底线条件 - 预算上限/飞行时间/排除城市
- 构建候选池 - 搜索满足条件的目的地
- 随机抽取 - 从候选池随机抽一个目的地
- 填充方案 - 搜索机票酒店景点
- 揭晓盲盒 - 制造惊喜感的交互输出
随机算法说明
现实约束与失败处理
| 情况 | 处理方式 |
|---|---|
| 候选池太少(不足3个) | 提示"条件较严格,只找到X个目的地,建议放宽预算或飞行时间" |
| 候选池为空 | 诚实告知,建议调整条件,给出具体调整建议 |
| 3次重抽都不满意 | 展示完整候选列表让用户自选 |
| SSL 证书验证失败 | 确保命令前加 NODE_TLS_REJECT_UNAUTHORIZED=0 |
| 价格波动导致超预算 | 标注"按当前价格计算,建议尽快预订锁价" |
| 搜索返回空结果 | 调整搜索条件,或用 AI 通识知识推荐替代目的地 |
| 用户去过的城市无记录 | 询问用户"有没有已经去过不想再去的城市?" |
飞行时间与目的地范围参考
自主学习机制
示例对话
用户偏好保存(双模式)
发现新偏好时提示保存。详见 reference/user-profile-storage.md
保存流程:发现偏好 → 提示确认 → Qoder用update_memory / 非Qoder更新本地文件
安全使用建议
This skill appears to do what it says (pick random destinations, search flights/hotels, and remember preferences), but there are two red flags to consider before installing or executing it: (1) the SKILL.md advises disabling TLS certificate checking (NODE_TLS_REJECT_UNAUTHORIZED=0) — this defeats HTTPS security and can expose you to man-in-the-middle attacks; (2) it recommends installing an external npm package globally (@fly-ai/flyai-cli), which will run third-party code on your machine. If you want to use this skill safely: do not run with TLS verification disabled; avoid global installs of unknown packages (prefer running in an isolated environment or container); inspect the npm package source/repository before installing; and review or sandbox any changes to ~/.flyai. If you rely on platform memory features instead of local files, prefer that over writing to your home directory. If unsure, treat the skill as experimental and run it only in a disposable environment.
功能分析
Type: OpenClaw Skill
Name: flyai-travel-blindbox
Version: 1.0.1
The skill bundle implements a travel 'blind box' assistant but contains a significant security vulnerability. Specifically, SKILL.md and workflow.md explicitly instruct the agent to disable SSL certificate validation by prefixing commands with 'NODE_TLS_REJECT_UNAUTHORIZED=0', which exposes the system to Man-in-the-Middle (MitM) attacks. Additionally, the workflow mandates a global npm installation of an external package (@fly-ai/flyai-cli) and manages user profile data in a local hidden directory (~/.flyai/user-profile.md), which, while functional, increases the attack surface.
能力评估
Purpose & Capability
The skill's declared purpose (randomized destination selection, search flights/hotels/POI, and remember user prefs) matches the instructions: it calls search-flight/search-hotel/search-poi, reads/writes a user-profile, and implements candidate selection. Asking to install a flyai CLI (via npm) is coherent with using 'flyai' commands, though that adds an external dependency.
Instruction Scope
Instructions explicitly read and update user profile data via either platform memory (search_memory/update_memory) or a local file at ~/.flyai/user-profile.md — this is expected. However, instructions repeatedly recommend running commands prefixed with NODE_TLS_REJECT_UNAUTHORIZED=0 (disabling TLS certificate checks) and recommend global npm installation and sudo usage. Disabling TLS verification and advising elevated install commands broaden the scope beyond normal assistant behavior and are unsafe.
Install Mechanism
There is no formal install spec, but the workflow instructs users/agents to run 'npm install -g @fly-ai/flyai-cli@latest' (and suggests npx usage). Installing an un-vetted global npm package from the public registry is a moderate risk — it downloads and installs third‑party code into the system. The lack of an included install manifest or verified upstream homepage increases uncertainty about the package origin and contents.
Credentials
The skill requests no explicit environment variables or external credentials, which is appropriate. However, it instructs setting NODE_TLS_REJECT_UNAUTHORIZED=0 to bypass TLS verification for network calls — this is an environment modification unrelated to user preferences and is disproportionate and unsafe. The skill writes/reads files under ~/.flyai which is reasonable for storing user profile, but persisting data to the user's home directory is a persistent capability the user should consent to.
Persistence & Privilege
always:false (normal). The skill uses and suggests maintaining a local user-profile (~/.flyai/user-profile.md) or platform memory, which is expected for remembering preferences. It does not request system-wide privileges or modify other skills/configs. Still, writing to the user's home directory and doing global npm installs are privileged actions the user should be aware of.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install flyai-travel-blindbox - 安装完成后,直接呼叫该 Skill 的名称或使用
/flyai-travel-blindbox触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Version 1.0.1
- Added a comprehensive reference directory with detailed documentation on algorithms, workflows, tools, flight ranges, user profiles, search commands, and example dialogues.
- Refactored SKILL.md to streamline main logic, referencing modular documentation for workflows, tool usage, algorithms, and self-learning mechanisms.
- Implemented dual-mode user profile management strategy (memory API or local file fallback).
- Enhanced clarity and maintainability by separating core instructions and detailed technical guides.
v1.0.0
flyai-travel-blindbox v1.0.0
- 首次发布旅行盲盒助手:用户仅需设置预算、飞行时间、出行时间等底线条件,自动随机抽取目的地。
- 贴心收藏用户旅行偏好和去过的城市,并据此过滤结果,实现智能成长和记忆。
- 趣味化交互问答,支持条件补充与多轮筛选,增加“拆盲盒”仪式感。
- 支持候选池自动生成、加权随机算法优先推荐小众目的地。
- 提供完整出行方案(机票、酒店、景点、美食等),最多支持3次盲盒重抽及备选列表自选。
- 内建失败处理与现实约束提示,保证使用顺畅。
元数据
常见问题
旅行盲盒 是什么?
旅行盲盒助手,让旅行回归"探索未知"的本质。不选目的地,只设底线条件(预算上限、最远飞行时间、时间、排除城市),AI在满足条件的目的地中随机抽取一个,结合"拆盲盒"趣味交互。当用户提到"旅行盲盒"、"随机旅行"、"去哪都行"、"选择困难"、"不知道去哪"、"帮我选目的地"、"随机抽一个"、"盲盒"时使用。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 100 次。
如何安装 旅行盲盒?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install flyai-travel-blindbox」即可一键安装,无需额外配置。
旅行盲盒 是免费的吗?
是的,旅行盲盒 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
旅行盲盒 支持哪些平台?
旅行盲盒 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 旅行盲盒?
由 hello_hang(@hello-ahang)开发并维护,当前版本 v1.0.1。
推荐 Skills