← 返回 Skills 市场

Travel In China

Name: Travel In China
Author: lijingxu007

作者 lijingxu007 · GitHub ↗ · v2.0.3 · MIT-0

cross-platform ⚠ suspicious

370

总下载

当前安装

版本数

在 OpenClaw 中安装

/install tcly

功能描述

基于飞书多维表格的智能旅游行程定制助手，可生成、查询和管理旅行计划。

安全使用建议

This skill appears to be what it says (a Feishu Bitable-backed inbound-travel lead collector) and the code only talks to open.feishu.cn — however the registry metadata did not declare the required environment variables while the SKILL.md and tools.py do require sensitive credentials (FEISHU_APP_SECRET, etc.). Before installing: 1) Verify the skill's source repository (inspect the GitHub link) and confirm the code there matches the packaged files. 2) Only provide FEISHU_APP_SECRET to this skill if you trust the source; create a Feishu app with minimal permissions and add it only to the specific table. 3) Use a test/dummy table or limited account for initial trials, and rotate credentials afterward. 4) Confirm legal/privacy requirements for storing PII in the chosen Feishu table (consent, retention, access controls). If you can update the registry metadata to list the required env vars and a verified source URL, that would resolve the main incoherence and increase trust.

功能分析

Type: OpenClaw Skill Name: tcly Version: 2.0.3 The skill is a legitimate tool designed to collect inbound travel requirements and store them in Feishu (Lark) Bitable. The Python code in `tools.py` correctly uses environment variables for sensitive credentials, implements input sanitization (length limits), and communicates exclusively with the official Feishu API (open.feishu.cn). While `SKILL.md` contains some inconsistent documentation regarding available tool names (likely due to a copy-paste error between versions), the core logic is functional and lacks any indicators of malicious intent, data exfiltration to unauthorized domains, or prompt-injection attacks.

能力评估

⚠ Purpose & Capability

The skill's name, README, SKILL.md and code consistently describe a Feishu (Bitable) integration for collecting travel leads; the Feishu credentials requested by the code (App ID/Secret, base token, table ID) are appropriate for that purpose. However, the registry metadata at the top of the report claims 'Required env vars: none' and 'Primary credential: none' even though both SKILL.md and tools.py clearly require and use FEISHU_APP_ID, FEISHU_APP_SECRET, FEISHU_BASE_TOKEN and FEISHU_TABLE_ID. That metadata mismatch is an incoherence and a provenance/permission red flag.

✓ Instruction Scope

SKILL.md instructs the agent to collect personal and trip-related fields (name, contact, nationality, dates, budget, dietary/visa needs) and to submit them to a Feishu Bitable. The instructions and the tool functions align: the code only sends data to the official Feishu API endpoints and does not attempt to read unrelated local files or external endpoints. Note: collecting PII is expected for this skill but requires appropriate user consent and data-handling controls.

✓ Install Mechanism

There is no install spec (instruction-only skill with a small Python tool). requirements.txt only lists 'requests'. No downloads from untrusted URLs or archive extraction are present. README points to a GitHub repo for source, but the registry metadata's 'Source: unknown' is inconsistent with that link — verify the upstream repo before trusting code.

⚠ Credentials

The set of environment variables used by tools.py (FEISHU_APP_ID, FEISHU_APP_SECRET, FEISHU_BASE_TOKEN, FEISHU_TABLE_ID) are reasonable and proportional to the stated Feishu integration. The concern is that the skill metadata did not declare any required env vars or primary credential — this omission makes it easy for a user to miss that they must supply a sensitive App Secret. Also, FEISHU_APP_SECRET is highly sensitive; ensure it is stored securely and that the app has minimal necessary permissions.

✓ Persistence & Privilege

always is false and the skill does not request persistent system-wide privileges. The code does not modify other skills or system configuration and performs only API calls to Feishu. Autonomous invocation (default) is allowed — combine this fact with credential access when deciding trust, but autonomous invocation alone is not a new risk.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install tcly
安装完成后，直接呼叫该 Skill 的名称或使用 /tcly 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v2.0.3

2.0.3 增加说明

v2.0.2

2.0.2

v2.0.1

No user-facing changes detected in version 2.0.1. - No updates to code or documentation since the previous version. - All features and usage remain unchanged.

v2.0.0

1.0.0

v1.0.1

Travel Customizer 1.0.1 - 增加了行程的创建、查询、更新和删除功能，可实现全面的旅行计划管理。 - 支持通过自然语言与用户交互，自动生成并保存结构化行程数据到飞书多维表格。 - 新增对环境变量配置流程的详细指引，更好地支持本地或云端安装。 - 提供快速安装命令与源码地址，便于用户获取和部署插件。 - 用法示例更加清晰，覆盖多场景操作。

v1.0.0

Travel Customizer 1.0.0 — Initial release - Launches an AI-driven travel customization assistant for the tourism industry. - Guides users to provide travel requirements via natural conversation. - Collects and submits structured travel data to a Feishu Bitable upon user confirmation. - Supports configurable environment variables for Feishu API integration. - Protects user privacy by masking phone numbers in chat. - Includes clear confirmation workflow and detailed response templates for user interactions.

元数据

Slug tcly

版本 2.0.3

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 6

常见问题

Travel In China 是什么？

基于飞书多维表格的智能旅游行程定制助手，可生成、查询和管理旅行计划。它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 370 次。

如何安装 Travel In China？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install tcly」即可一键安装，无需额外配置。

Travel In China 是免费的吗？

是的，Travel In China 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Travel In China 支持哪些平台？

Travel In China 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Travel In China？

由 lijingxu007（@lijingxu007）开发并维护，当前版本 v2.0.3。