← 返回 Skills 市场

travel-master-v4-clawhub

Name: travel-master-v4-clawhub
Author: timo2026

作者 Timo2026 · GitHub ↗ · v1.0.3 · MIT-0

cross-platform ⚠ suspicious

100

总下载

当前安装

版本数

在 OpenClaw 中安装

/install travel-master-v4-clawhub

功能描述

旅游大师V4 - 数学收敛守卫 + 真实API + 并行商家链接 + 拟人化响应式HTML攻略生成系统

安全使用建议

What doesn't add up: (1) SKILL.md and clawhub.json say GAODE_API_KEY / FLYAI_API_KEY are required but registry metadata lists no env vars; the code reads AMAP_API_KEY instead — check exact env variable names before supplying secrets. (2) Docs show running main_v4_2.py from project root, but the file is under core/ (core/main_v4_2.py) and imports use inconsistent relative paths (e.g., '..mcp.amap_client' vs core/amap_client.py) — the package may not run as-documented. (3) Documentation includes external-network commands (npx flyai-cli, curl to amap) while many code files claim 'no external HTTP' and provide mock data — clarify whether the skill will call external services in your environment. (4) Dependencies listed (Flask, aiohttp, @fly-ai/flyai-cli) conflict with claims of 'no_asyncio/no_flask' and presence of async functions in report_generator.py — this inconsistency can produce runtime surprises. Before installing or running: do not paste real API keys into .env; run the code in a sandbox or VM; verify which env names the running code actually reads; inspect and fix import paths and startup commands; ask the author for a coherent release (matching SKILL.md, clawhub.json, and source tree) or use a vetted upstream repo. If you must try it, run static unit tests and start it without network access to confirm behavior, and only provide real API credentials after you confirm where and how they're used.

功能分析

Type: OpenClaw Skill Name: travel-master-v4-clawhub Version: 1.0.3 The travel-master-v4 skill bundle is a legitimate travel planning assistant designed to collect user requirements (5W2H) and generate a responsive HTML itinerary. The code utilizes a 'Socratic' extraction method via regular expressions and keyword matching (socratic_agent.py) to avoid LLM hallucinations and ensure data convergence. It features a mock API client (amap_client.py) and a local debate engine (debate_engine.py) to generate travel options, which are then rendered into a 'Glassmorphism' style HTML report (report_generator.py) containing links to reputable travel platforms like Ctrip, Meituan, and Amap. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found.

能力标签

cryptocan-make-purchases

能力评估

⚠ Purpose & Capability

The SKILL.md and clawhub.json claim the skill uses real APIs (高德/ FlyAI / 美团 / 携程) and require GAODE_API_KEY and FLYAI_API_KEY, yet the registry metadata listed no required env vars. The code attempts to use local/mock implementations but also references external-API CLIs and curl examples in documentation. This mismatch (real API examples vs local mocks) is disproportionate and unclear: a user wouldn't need both full real-API keys and purely-mock code simultaneously without explanation.

⚠ Instruction Scope

Runtime instructions and docs direct users to install Flask, aiohttp, python-dotenv and to run 'python3.8 main_v4_2.py', yet the repository places main_v4_2.py under core/ (core/main_v4_2.py) and many files use different environment variable names (GAODE_API_KEY vs AMAP_API_KEY). SKILL.md contains examples invoking npx @fly-ai/flyai-cli and curl to amap endpoints (i.e., external network calls) while many code files assert 'no external HTTP' and provide mocks. The documentation also shows starting a watchdog.sh, contradicting the 'no daemon' claims. These instructions both overreach and contradict each other, giving agents broad/leaky discretion.

ℹ Install Mechanism

There is no install spec (instruction-only), which lowers one class of risk, but clawhub.json lists dependencies (flask, aiohttp, @fly-ai/flyai-cli) even though many code files claim those dependencies were removed. The project asks users to pip install packages including aiohttp and Flask, but the shipped code uses a MockFlaskApp and mostly synchronous code. This is inconsistent (sloppy packaging) and could mislead users into installing unnecessary network-capable packages.

⚠ Credentials

SKILL.md and clawhub.json declare required API config keys (GAODE_API_KEY and FLYAI_API_KEY, optional TENCENT_MAP_KEY/MEITUAN_TOKEN), but the code reads differently named variables (e.g., AMAP_API_KEY, environment lookups use other keys). The registry/metadata also earlier said 'Required env vars: none' — conflicting claims. Requesting API keys for mapping/booking services is plausible for a travel skill, but the inconsistent names and missing 'primaryEnv' make it unclear which secrets will actually be used or transmitted. Also HTML output includes links to external booking sites — not secret exfiltration per se, but the mismatch invites accidental key exposure if users follow unclear instructions.

✓ Persistence & Privilege

The skill does not request always:true, does not claim to auto-enable itself, and has no install script that writes persistent system-wide config. start.sh and SKILL.md show user-managed startup; nothing indicates forced persistent agent-level privileges. However, the README and docs recommend running as a service and show watchdog/nohup examples — so persistence would be user-managed, not automatic.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install travel-master-v4-clawhub
安装完成后，直接呼叫该 Skill 的名称或使用 /travel-master-v4-clawhub 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.3

travel-master-v4-clawhub v1.0.3 - 新增 core/start.sh 启动脚本，实现用户管理功能 - 移除 core/watchdog.sh 文件，优化启动方式 - 更新 SKILL.md 及文件结构，新增 start.sh 并标记部分模块为 Mock/本地实现 - 调整文档与配置，修正相关描述，提升部署和使用指引可读性 - docs 相关教程、推文内容同步更新

v1.0.2

travel-master-v4-clawhub v1.0.2 - Improved core engine modules (engine.py, debate_engine.py) for stability and accuracy. - Enhanced AMap (高德) API integration in amap_client.py. - Updated main application entry (main_v4_2.py) for optimized workflow. - No changes to documentation or user-facing behavior.

v1.0.1

Security and compliance enhancements (local LLM-free processing): - Removed all external LLM API calls; now uses only local intent and content parsing. - Added core/safe_json.py: a new local JSON parser to enhance data safety. - Updated helpers.py, debate_engine.py, and socratic_agent.py to eliminate remote model dependencies. - Improved overall local handling for user intent and debate logic. - Updated documentation to reflect new security and compliance measures.

v1.0.0

Initial release of Travel Master V4 (旅游大师V4): - Introduces a math-based convergence guard for reliable itinerary planning. - Integrates real APIs: Gaode (高德), FlyAI, Meituan (美团), Ctrip (携程). - Generates responsive, human-like HTML travel guides with Glassmorphism style. - Links flight, hotel, ticket, and merchant info from multiple vendors in parallel. - Supports memory retention for multi-turn conversations. - Requires real API keys (Gaode, FlyAI) and delivers output across web, QQ, Telegram, and Discord.

元数据

Slug travel-master-v4-clawhub

版本 1.0.3

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 4

常见问题

travel-master-v4-clawhub 是什么？

旅游大师V4 - 数学收敛守卫 + 真实API + 并行商家链接 + 拟人化响应式HTML攻略生成系统. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 100 次。

如何安装 travel-master-v4-clawhub？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install travel-master-v4-clawhub」即可一键安装，无需额外配置。

travel-master-v4-clawhub 是免费的吗？

是的，travel-master-v4-clawhub 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

travel-master-v4-clawhub 支持哪些平台？

travel-master-v4-clawhub 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 travel-master-v4-clawhub？

由 Timo2026（@timo2026）开发并维护，当前版本 v1.0.3。