← 返回 Skills 市场
Book Hotels with Hot Spring Baths — Onsen Pools, Private Hot Spring Rooms, Ryokan Stays
作者
xiejinsong
· GitHub ↗
· v3.2.0
· MIT-0
72
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install spring-hotel
功能描述
Find and book hotels with hot spring baths — onsen pools, private hot spring rooms, ryokan stays, thermal spa resorts. Also supports: flight booking, hotel r...
安全使用建议
This skill relies entirely on installing and running a third‑party npm CLI (@fly-ai/flyai-cli) at runtime and may write persistent logs of your queries to disk. Before installing or enabling it: 1) Verify the npm package and its publisher (inspect the package on npmjs.org or its repository) and confirm it’s the official Fliggy/authorized client; 2) Ask the skill author for a homepage, source repo, and details on where booking credentials are stored and how authentication is handled; 3) If you must test it, run the CLI installation in a sandboxed environment or VM and inspect what files/configs it creates; 4) Ensure you are comfortable with the skill writing .flyai-execution-log.json containing your queries and results or ask for an option to disable local logging. If you cannot verify the CLI publisher or don't want a runtime global npm install and persistent logs, do not enable the skill.
功能分析
Type: OpenClaw Skill
Name: spring-hotel
Version: 3.2.0
The skill mandates the global installation of an external NPM package (`npm i -g @fly-ai/flyai-cli`) and requires the agent to execute shell commands to function. While these actions are consistent with the stated goal of a CLI-based hotel search tool, the requirement for high-privilege installation and the use of aggressive prompt-engineering in `SKILL.md` to override agent safeguards (e.g., 'CRITICAL EXECUTION RULES') pose a significant supply chain risk. The skill also attempts to write logs to the local filesystem in `references/runbook.md` (`.flyai-execution-log.json`).
能力评估
Purpose & Capability
The skill's stated purpose (finding and booking onsen hotels) matches the CLI commands it instructs (flyai search-hotel / search-poi). However, it depends entirely on an external CLI (@fly-ai/flyai-cli) that is not bundled, has no registry homepage provided, and the skill does not declare how the CLI will authenticate to the claimed provider (Fliggy). Requiring a third-party CLI is reasonable for live booking, but the lack of declared credential requirements or vendor/source information is a notable gap.
Instruction Scope
SKILL.md instructs the agent to install and run an external CLI, run many flyai commands, and persist a run log file (.flyai-execution-log.json) if filesystem writes are available. The runbook stores user queries and command output in the log. Instructions also force strict runtime behavior (never answer from training data, always include booking links). The filesystem logging of raw user_query and CLI results can expose user data on disk; the skill’s instructions give the agent authority to install and execute external code and to write persistent logs without describing retention or access controls.
Install Mechanism
There is no install spec in the registry; instead SKILL.md mandates running npm i -g @fly-ai/flyai-cli at runtime if the CLI is missing. Installing an arbitrary global npm package at runtime is moderate-to-high risk: it pulls remote code that will run on the host, may require elevated privileges, and the package source/maintainer is not validated in the skill files (no homepage, no source). This is an instruction-only skill that nevertheless causes the agent to perform a network install, increasing attack surface.
Credentials
The skill declares no required environment variables or credentials, yet it expects to perform bookings 'powered by Fliggy'. It does not explain where credentials come from (CLI interactive login, local config, or implicit tokens). The runbook also logs user_query and CLI commands/results locally, which is a form of data persistence/exposure not reflected in the declared requirements. The absence of declared auth requirements combined with necessary remote API access is a proportionality and transparency concern.
Persistence & Privilege
The skill will persist an execution log to .flyai-execution-log.json if filesystem writes are available, storing user_query and CLI results. While the skill is not marked always:true, it still requests persistent local logging and can install and run external code. Persistent logs of user inputs and commands increase privacy risk and the blast radius of any compromised CLI.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install spring-hotel - 安装完成后,直接呼叫该 Skill 的名称或使用
/spring-hotel触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v3.2.0
Renamed and optimized
元数据
常见问题
Book Hotels with Hot Spring Baths — Onsen Pools, Private Hot Spring Rooms, Ryokan Stays 是什么?
Find and book hotels with hot spring baths — onsen pools, private hot spring rooms, ryokan stays, thermal spa resorts. Also supports: flight booking, hotel r... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 72 次。
如何安装 Book Hotels with Hot Spring Baths — Onsen Pools, Private Hot Spring Rooms, Ryokan Stays?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install spring-hotel」即可一键安装,无需额外配置。
Book Hotels with Hot Spring Baths — Onsen Pools, Private Hot Spring Rooms, Ryokan Stays 是免费的吗?
是的,Book Hotels with Hot Spring Baths — Onsen Pools, Private Hot Spring Rooms, Ryokan Stays 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Book Hotels with Hot Spring Baths — Onsen Pools, Private Hot Spring Rooms, Ryokan Stays 支持哪些平台?
Book Hotels with Hot Spring Baths — Onsen Pools, Private Hot Spring Rooms, Ryokan Stays 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Book Hotels with Hot Spring Baths — Onsen Pools, Private Hot Spring Rooms, Ryokan Stays?
由 xiejinsong(@xiejinsong)开发并维护,当前版本 v3.2.0。
推荐 Skills