← 返回 Skills 市场

TravelSmart

Name: TravelSmart
Author: pete2048

作者 Pete2048 · GitHub ↗ · v1.0.2 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install pete2048-travel-smart

功能描述

自驾出行决策助手 - 高速出口推荐、途中住宿、打车点推荐三大场景。高德地图 Web API + 多因子评分算法，支持 CLI / Web / 飞书三种使用方式。必填环境变量：AMAP_KEY（高德地图）；可选：MINIMAX_API_KEY、FEISHU_APP_ID、FEISHU_APP_SECRET。

安全使用建议

Things to check before installing/running: - The code requires an AMAP_KEY (Amap Web API). The registry metadata omitted this — set AMAP_KEY yourself and verify you understand its use. - Feishu integration is optional but if you set FEISHU_APP_ID/FEISHU_APP_SECRET the server will attempt to post messages. The code has a default FEISHU_CHAT_ID value; override it or remove the default to avoid sending messages to an unexpected chat. - server.py binds to 0.0.0.0 and exposes /notify with no authentication. If you run the server, bind to localhost (127.0.0.1) or firewall the port, or implement auth for /notify before exposing it to other hosts. - RouterAgent can call an external LLM (minimaxi) if MINIMAX_API_KEY is provided; this will transmit user-provided text to that service. Only provide LLM keys if you accept that. - Review config/api_keys.yaml/.env example to ensure secrets are stored safely and not committed to public repos. - Overall: code looks consistent with its purpose, but address the undocumented/default Feishu chat id, the manifest omission for AMAP_KEY, and the unauthenticated public endpoint before deploying in a shared or public environment.

功能分析

Type: OpenClaw Skill Name: pete2048-travel-smart Version: 1.0.2 The skill bundle contains a hardcoded Feishu (Lark) Chat ID (oc_b596d3738065b40181b73144a8943999) and a '/notify' endpoint in 'server.py' that is unrelated to the travel assistant's core functionality. This endpoint is described as a callback for a 'quantitative system' and allows external entities to send messages to the hardcoded chat using the user's FEISHU_APP_ID and FEISHU_APP_SECRET. While the primary travel logic appears benign, the presence of an undocumented notification bridge to a specific external chat ID is a significant privacy risk and potential data exfiltration vector.

能力标签

crypto

能力评估

ℹ Purpose & Capability

The code implements the stated features (Amap-based highway/hotel/taxi recommendation and optional LLM/Feishu integration). However the registry metadata omitted declaring the required AMAP_KEY even though SKILL.md and code require it; that's an inconsistency in the package manifest that could mislead users. Optional MINIMAX (LLM) and Feishu credentials are consistent with optional features.

ℹ Instruction Scope

SKILL.md stays within purpose (calls Amap, optionally an LLM, optionally pushes to Feishu). The runtime instructions request only AMAP_KEY (and optional MINIMAX/FEISHU creds). Implementation details reveal additional behavior to be aware of: server.py exposes a /notify endpoint and defaults FEISHU_CHAT_ID to a specific id (hardcoded value) if not provided — meaning notifications could be sent to that chat if FEISHU creds are present. RouterAgent will call an external LLM endpoint (minimaxi) when used; the SKILL.md documents this as optional.

✓ Install Mechanism

No install spec; it's code + requirements.txt (requests, pyyaml, loguru). No remote downloads or opaque installers. Typical Python dependency footprint; low install mechanism risk.

⚠ Credentials

Requested/used env vars in code (AMAP_KEY required; optional MINIMAX_API_KEY, FEISHU_APP_ID, FEISHU_APP_SECRET, LLM_BASE_URL) are proportionate to the declared features. However the package registry did not declare AMAP_KEY as required (manifest omission). Additionally server.py uses FEISHU_CHAT_ID with a default hardcoded value ('oc_b596d3738065b40181b73144a8943999') — this default is not documented in SKILL.md and could result in messages being sent to an unexpected external chat if Feishu credentials are configured. The code also reads config/api_keys.yaml as an alternate source for keys; that's reasonable but should be documented.

⚠ Persistence & Privilege

The skill does not request 'always: true' and is not inherently persistent, which is good. However server.py binds Flask to 0.0.0.0 (all interfaces) and exposes an unauthenticated /notify endpoint that will use FEISHU credentials (if set) to post messages to the configured chat id. If the server is run on a host reachable by others, this creates an attack surface (remote callers could trigger outbound messages). Recommend restricting binding to localhost or adding auth and removing/overriding the hardcoded FEISHU_CHAT_ID default.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install pete2048-travel-smart
安装完成后，直接呼叫该 Skill 的名称或使用 /pete2048-travel-smart 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.2

完整源码包，重新触发安全扫描

v1.0.1

修复：加入完整源码 + 修复元数据矛盾（必填AMAP_KEY已在描述中明确）

v1.0.0

Initial release - 自驾出行决策助手

元数据

Slug pete2048-travel-smart

版本 1.0.2

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 3

常见问题

TravelSmart 是什么？

自驾出行决策助手 - 高速出口推荐、途中住宿、打车点推荐三大场景。高德地图 Web API + 多因子评分算法，支持 CLI / Web / 飞书三种使用方式。必填环境变量：AMAP_KEY（高德地图）；可选：MINIMAX_API_KEY、FEISHU_APP_ID、FEISHU_APP_SECRET。它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 89 次。

如何安装 TravelSmart？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install pete2048-travel-smart」即可一键安装，无需额外配置。

TravelSmart 是免费的吗？

是的，TravelSmart 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

TravelSmart 支持哪些平台？

TravelSmart 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 TravelSmart？

由 Pete2048（@pete2048）开发并维护，当前版本 v1.0.2。