qunar-travel-query

提供去哪儿网旅游信息查询能力；当用户需要查询机票、酒店、景点门票或火车票信息时使用

This skill appears to implement Qunar travel queries, but there are two things you should check before installing or enabling it: 1) Credential mapping mismatch — The SKILL.md tells you to configure a credential named 'qunar_api_key', but the script reads an environment variable named COZE_QUNAR_API_KEY_7612643102733467667. Confirm with the platform how credentials are mapped to environment variables; if the platform does not automatically set COZE_QUNAR_API_KEY_7612643102733467667 from your 'qunar_api_key' entry, the skill will fail. Do not paste your real API Key into an arbitrary text field unless you understand where it will be stored. 2) Endpoint / exfiltration risk — The script will send your API Key in the Authorization header to whatever api_endpoint is provided. Only use official, documented Qunar endpoints. If you or the agent accidentally supply a malicious endpoint, your API Key could be leaked. Prefer hard-coding or whitelisting known official endpoints in agent logic, or restrict network egress in the runtime environment. Additional practical steps: - Verify the source (this package lists no homepage and the source is 'unknown'); prefer skills from known/trusted publishers. - Confirm the runtime has the 'coze_workload_identity' dependency (or replace it with a standard requests library) and declare dependencies explicitly. - If you must test, do so in a sandboxed environment with network controls and a test/limited API Key that can be revoked. - If unsure, ask the skill author to (a) document exact env var name(s) the script expects, (b) declare dependencies, and (c) restrict or validate api_endpoint values.

Type: OpenClaw Skill Name: qunar-travel-query Version: 1.0.0 The skill is designed for legitimate travel queries but presents a Server-Side Request Forgery (SSRF) vulnerability. The `scripts/qunar_query.py` script accepts an `api_endpoint` as a direct argument and uses it to make network requests, sending the `Authorization` header containing the Qunar API key. The `SKILL.md` and `references/api_reference.md` indicate that this `api_endpoint` is dynamically determined by the AI agent, potentially influenced by user input. This design allows a malicious user to craft a prompt that directs the agent to call an arbitrary, attacker-controlled URL, leading to the exfiltration of the Qunar API key.