← 返回 Skills 市场
Show Booking
作者
danielfoch
· GitHub ↗
· v0.1.0
729
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install show-booking
功能描述
Book real estate showing tours from emailed or pasted listing details, including extracting listing data, preparing outbound call jobs, coordinating a callin...
安全使用建议
This skill's local scripts (parsing, planning, .ics creation) are coherent and low-risk, but the critical calling step is delegated to an external 'tour-booking' component that is not included and which the references say uses ElevenLabs (voice API). Before installing or running this skill: (1) confirm where 'tour-booking/scripts/place_outbound_call.py' lives and inspect its code and endpoints; (2) don't provide ELEVENLABS_API_KEY or related credentials unless you trust that sub-agent and have audited its behavior; (3) if you need to test, use the documented --dry-run mode so no live calls or external network transmission happens; (4) consider privacy and telemarketing/regulatory obligations before allowing live calls that transmit client PII; (5) request the publisher to update metadata to declare required environment variables and dependencies (so the credential access is explicit). If you cannot verify the external calling component, treat the calling/delegation portion as a potential data-exfiltration risk and avoid enabling live-call execution.
功能分析
Type: OpenClaw Skill
Name: show-booking
Version: 0.1.0
The skill bundle is classified as suspicious due to a Local File Inclusion (LFI) vulnerability risk. The Python scripts (`scripts/intake_request.py`, `scripts/orchestrate_showings.py`, `scripts/create_invite_ics.py`) accept file paths as command-line arguments (e.g., `--input-file`, `--input`). A malicious prompt could instruct the AI agent to provide paths to arbitrary sensitive files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`), potentially leading to information disclosure if the agent is instructed to output error messages or partial content. While the scripts expect JSON input and would error on non-JSON files, the ability to attempt reading arbitrary files without path validation is a significant vulnerability. There is no evidence of intentional malicious behavior like data exfiltration or remote code execution.
能力评估
Purpose & Capability
The name/description align with the included scripts (parsing intake, building call queues, and producing .ics files). However, the runtime workflow explicitly delegates outbound calling to a separate 'tour-booking' sub-agent (place_outbound_call.py) and the references document mentions ElevenLabs API keys — yet the skill metadata declares no required environment variables or primary credential. That omission is disproportionate to the stated end-to-end calling capability.
Instruction Scope
SKILL.md tells the agent to run local scripts and to invoke an external sub-agent script for placing outbound calls. The provided code is local and file-based, but the calling step hands off listing metadata, client identity, and callbacks to 'tour-booking', which is not included here. That sub-agent is described as handling ElevenLabs integration (voice calls) and could transmit PII to external services. The instructions therefore implicitly permit network calls and transmission of personal data without declaring those endpoints/credentials.
Install Mechanism
There is no install spec and the code shipped is small, local Python scripts. Nothing in this package attempts to download or install external binaries; risk from the install mechanism itself is low.
Credentials
The 'integration-notes' reference required environment variables for live calls (ELEVENLABS_API_KEY, ELEVENLABS_AGENT_ID, optional ELEVENLABS_OUTBOUND_URL), but the skill's declared requirements list none. A skill that initiates outbound voice calls would legitimately need such credentials — their absence from the metadata is an incoherence that hides the need to supply sensitive keys to enable the full workflow.
Persistence & Privilege
The skill does not request always:true, system-level config paths, or persistent privileges. It reads/writes local files under paths supplied at runtime (e.g., /tmp or user-provided paths), which is consistent with its described function.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install show-booking - 安装完成后,直接呼叫该 Skill 的名称或使用
/show-booking触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release of show-booking skill—automates requesting and confirming real estate showings.
- Parses free-form requests or emailed listing details to extract booking data.
- Builds and manages per-listing outbound call jobs, including data quality checks.
- Coordinates a calling sub-agent for live or dry-run outbound booking calls.
- Generates calendar invites (.ics) for confirmed showings.
- Returns concise confirmations and blocks incomplete requests (e.g., missing phone numbers).
- Implements guardrails for legal compliance, caller identification, and audit trails.
元数据
常见问题
Show Booking 是什么?
Book real estate showing tours from emailed or pasted listing details, including extracting listing data, preparing outbound call jobs, coordinating a callin... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 729 次。
如何安装 Show Booking?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install show-booking」即可一键安装,无需额外配置。
Show Booking 是免费的吗?
是的,Show Booking 完全免费(开源免费),可自由下载、安装和使用。
Show Booking 支持哪些平台?
Show Booking 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Show Booking?
由 danielfoch(@danielfoch)开发并维护,当前版本 v0.1.0。
推荐 Skills