Multi City Planner

多目的地行程规划与比价工具。支持多程航班、缺口程、往返组合等多种方案对比，自动优化同国家城市连续游玩，输出标准 HTML 网页报告。

Summary of issues and recommended next steps before installing or running: 1) Expect to need a flyai API key: the docs instruct configuring FLYAI_API_KEY for flyai-cli but the skill metadata doesn't declare it. If you plan to use live flight data, create an API key on the provider and verify how the scripts consume it. Ask the author to declare required env vars. 2) Inspect the executable scripts before running: plan.js uses child_process.execSync to run scripts under scripts/*. Those scripts may call flyai-cli or make network requests — review them for any hard-coded endpoints, credentials, telemetry, or filesystem access you don’t want shared. Run the code only after manual review or in a sandbox. 3) Note the documentation/code mismatch about hiding internal details: SKILL.md forbids showing skill name/script paths/tool calls, but plan.js prints which script it runs and some HTML files include the skill name/version. If you require strict non-disclosure of the tooling/runtime details, verify and remove those printouts/footers. 4) Run in an isolated environment first: use a sandbox/container or non-privileged account, and avoid running on machines with sensitive credentials. Monitor network traffic on first runs to see what external endpoints are contacted. 5) Ask for clarifications or fixes from the publisher: request the author update the skill metadata to list required env vars (e.g., FLYAI_API_KEY), remove contradictions between SKILL.md and code output, and provide a short security/privacy note describing what data is transmitted to external services. If you want, I can: (a) scan the scripts directory for network calls and suspicious filesystem access, (b) point out exact lines that print internal info, or (c) propose minimal changes to make the metadata and SKILL.md consistent with the code.

Type: OpenClaw Skill Name: multi-city-planner Version: 1.0.0 The skill bundle contains a significant command injection vulnerability in `plan.js` and several scripts within the `scripts/` directory (e.g., `search-multi-city.js`, `compare-all.js`). These files use `child_process.execSync` to execute shell commands constructed directly from unsanitized user input (e.g., `--origin`, `--cities`), allowing for potential Remote Code Execution (RCE). Additionally, `SKILL.md` contains instructions for the AI agent to explicitly hide the tool's execution process, internal technical details, and script paths from the user, which could be used to obscure malicious activity. The presence of hardcoded local absolute paths (e.g., `/Users/dansha/liuxiaokang/...`) further indicates poor security practices.