← 返回 Skills 市场
junyij

Housing Scout — Smart House(Sale or Lease) Search & Alerts

作者 Junyi Jiao · GitHub ↗ · v1.0.3
cross-platform ⚠ suspicious
544
总下载
0
收藏
1
当前安装
4
版本数
在 OpenClaw 中安装
/install housing-scout-pro
功能描述
Find and monitor housing listings (buy/rent), apply practical filters, and manage subscription-style alerts in any supported region. Use when the user asks t...
使用说明 (SKILL.md)

Housing Scout

This skill is self-contained for ClawHub publish. All commands run against the bundled runtime under ./scripts/housing_scout/.

Quickstart (recommended)

  • Create a profile and run first search immediately:
    • node ./scripts/housing_scout/housing_scout.mjs quickstart --name "great nyc area" --city "New York" --state "NY" --beds-min 3 --budget-max 2000000 --run true

Direct search (no profile required)

  • Buy:
    • node ./scripts/housing_scout/housing_scout.mjs search --intent buy --city "Seattle" --state "WA" --beds-min 3 --budget-max 1200000
  • Rent:
    • node ./scripts/housing_scout/housing_scout.mjs search --intent rent --city "Seattle" --state "WA" --beds-min 2 --budget-max 4500

Profile workflow

  • Create:
    • node ./scripts/housing_scout/housing_scout.mjs create_profile --name "great new york city area" --city "New York" --state "NY" --country "US" --beds-min 3 --budget-max 2000000
  • List:
    • node ./scripts/housing_scout/housing_scout.mjs list_profiles
  • Show:
    • node ./scripts/housing_scout/housing_scout.mjs show_profile --name "great new york city area"
  • Delete:
    • node ./scripts/housing_scout/housing_scout.mjs delete_profile --name "great new york city area"
  • Use profile:
    • node ./scripts/housing_scout/housing_scout.mjs search --profile "great new york city area" --intent buy
    • node ./scripts/housing_scout/housing_scout.mjs search --profile "great new york city area" --intent rent

Provider cache operations

  • Status:
    • node ./scripts/housing_scout/housing_scout.mjs provider_cache_status --provider zillow --intent buy
  • Refresh:
    • node ./scripts/housing_scout/housing_scout.mjs refresh_provider_cache --provider zillow --intent buy --from ./tmp/zillow_buy.json

Other useful commands

  • Lease flow:
    • node ./scripts/housing_scout/housing_scout.mjs lease --profile "great new york city area"
  • Comps from Redfin URL:
    • node ./scripts/housing_scout/housing_scout.mjs comps --query south-bay-buy-default --redfin-url "https://www.redfin.com/..."
  • Subscriptions:
    • node ./scripts/housing_scout/housing_scout.mjs subscribe --query south-bay-buy-default --channel telegram --to YOUR_CHAT_ID
    • node ./scripts/housing_scout/housing_scout.mjs unsubscribe --query south-bay-buy-default
    • node ./scripts/housing_scout/housing_scout.mjs unsubscribe --subscription-id sub-...
    • node ./scripts/housing_scout/housing_scout.mjs list_subscriptions
    • node ./scripts/housing_scout/housing_scout.mjs run_subscriptions

Optional preset example

  • The built-in South Bay preset is only for demo/smoke test:
    • node ./scripts/housing_scout/housing_scout.mjs search --query south-bay-buy-default

Notes

  • Multi-provider selector: --providers redfin,zillow,realtor.
  • Provider status:
    • Redfin: live feed/caches
    • Zillow: live-cache adapter (live_zillow_buy.json / live_zillow_rent.json)
    • Realtor: live-cache adapter (live_realtor_buy.json / live_realtor_rent.json)
  • refresh_provider_cache input shape:
    • { "listings": [ { "address"|"street/city/state/zip", "url", "price"|"rent", "beds", "baths", "sqft", "homeType" } ] }

Security + data egress notes (important)

  • Redfin fetch path uses https://r.jina.ai/http/... in this runtime. This is a third-party fetch proxy.
  • Any URL supplied via Redfin/city endpoint flows may be requested through that proxy and fetched content is returned into the tool pipeline.
  • Never pass private/internal URLs (for example: localhost, 127.0.0.1, 10.x.x.x, 172.16-31.x.x, 192.168.x.x, link-local, intranet hostnames, cloud metadata endpoints).
  • Only use public real-estate pages you are comfortable sharing with an external fetch service.
  • Subscriptions/notifications can send data outside the runtime (channel + to). Verify recipients before enabling.

Notifications setup (Telegram)

  • This skill does not store bot tokens in skill files.
  • Configure Telegram credentials in OpenClaw Gateway/channel config or environment variables.
  • subscribe stores destination metadata (channel, to) in local skill state.
  • run_subscriptions emits NOTIFY_PAYLOAD JSON; delivery is performed by assistant/gateway messaging.

Local persistence + cleanup

  • The skill writes state under ./scripts/housing_scout/data/ (profiles, queries, subscriptions, snapshots, caches).
  • Keep this directory scoped to the skill workspace; do not point commands at unrelated sensitive files.
  • Remove active outbound targets when no longer needed:
    • node ./scripts/housing_scout/housing_scout.mjs unsubscribe --query \x3CqueryId>
    • node ./scripts/housing_scout/housing_scout.mjs unsubscribe --subscription-id \x3CsubId>
  • Remove unused profiles:
    • node ./scripts/housing_scout/housing_scout.mjs delete_profile --name "\x3Cprofile>"
  • If you need a hard reset, manually clear JSON state files under ./scripts/housing_scout/data/.

Privacy/safety checklist

  • Replace YOUR_CHAT_ID with your own approved target.
  • Do not commit personal chat IDs, tokens, or private channels.
  • Keep credentials outside skill files (env vars or gateway config).
  • Review and prune subscriptions/caches periodically.
安全使用建议
This skill appears to do what it says (searches providers, ranks listings, and manages local subscriptions). Before installing: 1) Be aware Redfin fetches are routed through a third‑party proxy (https://r.jina.ai/http/...) — do not supply private/internal URLs or cloud metadata endpoints because their proxy will fetch them. 2) Subscriptions/notifications can deliver listing data to external channels (e.g., Telegram). Double-check the 'to' targets and configure bot credentials securely via your gateway (do not commit tokens into skill files). 3) The skill persists profiles, queries, subscriptions, caches, and snapshots under its data directory — if you want to avoid lingering data, run it in an isolated workspace and periodically clear ./scripts/housing_scout/data/. 4) If you need to remove the third‑party proxy risk, review/replace fetchViaJina calls with a fetch mechanism you control. Finally, note that some files were truncated in the listing — if you want higher confidence, request a full file dump and/or run a local code audit before running the skill in production.
功能分析
Type: OpenClaw Skill Name: housing-scout-pro Version: 1.0.3 The skill is classified as suspicious due to two significant vulnerabilities: a Server-Side Request Forgery (SSRF) risk and a Local File Inclusion (LFI) vulnerability. The SSRF risk stems from the use of `https://r.jina.ai/http/...` in `scripts/housing_scout/providers/redfin.mjs` to proxy user-supplied URLs (e.g., via `--redfin-url`), which could be exploited to access internal network resources or cloud metadata if the proxy lacks robust protection. The LFI vulnerability exists in `scripts/housing_scout/housing_scout.mjs`, where the `refresh_provider_cache` command directly reads a file specified by the `--from` argument using `fs.readFileSync` without path sanitization, potentially allowing an attacker to read arbitrary local files. While the `SKILL.md` documentation warns against some of these risks, the code itself does not implement sufficient safeguards, making these critical vulnerabilities.
能力评估
Purpose & Capability
Name/description (search, compare, alerts) align with the bundled Node.js runtime and provider adapters (Redfin, Zillow, Realtor), the query/profile/subscribe flows, and local persistence. The code implements searching, deduping, ranking, comps, and subscription management as advertised.
Instruction Scope
Runtime instructions tell the agent to run the provided node scripts under ./scripts/housing_scout/ and to store state under ./scripts/housing_scout/data/. The SKILL.md and code explicitly call out external fetches (notably Redfin endpoints routed through r.jina.ai) and that subscription destinations can deliver data outside the runtime. Those behaviors are within the stated purpose but represent explicit data egress points that users must consider.
Install Mechanism
No install spec is provided (instruction-only install), and all code is bundled with the skill. There are no downloads from arbitrary URLs or package installs declared in the skill metadata, which reduces installation risk.
Credentials
The skill does not request environment variables or credentials in metadata. Notification delivery (Telegram) is referenced but the skill states it does not store bot tokens in files and expects credentials to be configured separately in gateway or env. No unrelated credentials or config paths are requested.
Persistence & Privilege
The skill stores and reads JSON state only under its own ./scripts/housing_scout/data/ directory and snapshots under snapshots path. always is false and the skill does not modify other skills or system-wide configuration in the reviewed files.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install housing-scout-pro
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /housing-scout-pro 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.3
- Update name - No code or documentation changes detected in this version. - Functionality and instructions remain consistent with previous release.
v1.0.2
Version 1.0.2 - Expanded documentation on security, notifications, and data egress, including important guidance on third-party fetch proxies and safe URL usage. - Added details on Telegram notification setup and credentials management. - Now documents how to unsubscribe from notifications by both query and subscription ID. - Includes instructions for state directory management and guidance on cleaning up local data. - Updated privacy and safety checklist with stronger recommendations for data protection and regular subscription review.
v1.0.1
- Removed 6 outdated or unneeded housing snapshot data files to reduce clutter and storage use. - No user-facing feature changes or workflow changes in this version.
v1.0.0
Added the initial sill for house scout pro: Multi-provider home search and monitoring for buy/rent. Create reusable location profiles, run direct filtered searches (city/state/zip, budget, beds/baths, home type), refresh provider caches, and generate subscription-ready listing updates.
元数据
Slug housing-scout-pro
版本 1.0.3
许可证
累计安装 1
当前安装数 1
历史版本数 4
常见问题

Housing Scout — Smart House(Sale or Lease) Search & Alerts 是什么?

Find and monitor housing listings (buy/rent), apply practical filters, and manage subscription-style alerts in any supported region. Use when the user asks t... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 544 次。

如何安装 Housing Scout — Smart House(Sale or Lease) Search & Alerts?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install housing-scout-pro」即可一键安装,无需额外配置。

Housing Scout — Smart House(Sale or Lease) Search & Alerts 是免费的吗?

是的,Housing Scout — Smart House(Sale or Lease) Search & Alerts 完全免费(开源免费),可自由下载、安装和使用。

Housing Scout — Smart House(Sale or Lease) Search & Alerts 支持哪些平台?

Housing Scout — Smart House(Sale or Lease) Search & Alerts 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Housing Scout — Smart House(Sale or Lease) Search & Alerts?

由 Junyi Jiao(@junyij)开发并维护,当前版本 v1.0.3。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 留言讨论