← 返回 Skills 市场
Trip Planner 0→1
作者
dengjiawei1226
· GitHub ↗
· v1.0.0
· MIT-0
75
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install trip-planner-0to1
功能描述
从 0 到 1 制作一份完整的自由行出行攻略,覆盖需求采集、多源资源调研(小红书 MCP + 地图 + Web 搜索)、方案决策、Markdown 行程书产出、交互式 Todo 网页(本地存储 + 可选云端同步)、一键部署到静态托管的端到端工作流。适用于东南亚海岛、日本、欧洲自驾、美洲公路旅行等任何自由行场景。触...
安全使用建议
This skill appears to do what it says: generate itineraries, run multi-source research, and provide an interactive, optionally-synced todo page. Things to consider before you install/use it:
- Sync backends are optional. The default (localStorage) keeps everything on your device only. Do not paste production tokens into the example JS unless you understand the backend you chose.
- If you enable Gist/JSONBin, those require a GitHub PAT or JSONBin Master Key. Keep these secrets private and prefer creating a dedicated token with minimal scopes (e.g., gist scope only). Be careful: creating a public gist by mistake can leak data.
- Self-host and Cloudflare Worker options are provided as templates. If you deploy the Node self-host, secure your server (HTTPS via reverse proxy, optional X-Auth-Token) and do not expose the raw service without auth. The provided self-host sample listens on 127.0.0.1 by default — follow the instructions to reverse-proxy and secure it.
- The SKILL suggests running third-party components (xiaohongshu-mcp Docker image, unpkg-hosted Leaflet). Verify those upstream projects yourself and only pull images/releases you trust.
- The browser-side JS (todo-sync.js) stores state in localStorage and optionally posts to your configured backend. Review the code before using it and avoid embedding sensitive data (PNRs, partial credit card info) into sharable rooms.
If you want extra assurance, request: (1) confirmation of the exact Docker image/tag for MCP, (2) a short walkthrough of how the skill's agent would use any credentials you provide, or (3) a security checklist for deploying the self-hosted Node/Cloudflare Worker (suggested auth options and recommended token scopes).
功能分析
Type: OpenClaw Skill
Name: trip-planner-0to1
Version: 1.0.0
The skill bundle is classified as suspicious due to insecure credential handling and supply chain risks. The 'todo-sync.js' file provides a template that encourages users to hardcode sensitive secrets, such as GitHub Personal Access Tokens (PATs) and JSONBin Master Keys, directly into client-side JavaScript for data synchronization. Additionally, the 'SKILL.md' instructions direct the agent to facilitate the download and execution of third-party binaries and Docker images from an external GitHub repository (xpzouying/xiaohongshu-mcp). While these features support the stated goal of trip planning and synchronization, the implementation patterns create a high risk of credential exposure and supply chain compromise.
能力标签
能力评估
Purpose & Capability
Name/description (end-to-end trip planning, research, Markdown itinerary, interactive todo + optional cloud sync) match the included assets: research prompt templates, itinerary template, interactive HTML skeleton, todo-sync.js, and optional sync backends (Gist/JSONBin/Cloudflare/self-host). No environment variables or binaries are requested that are unrelated to the stated purpose.
Instruction Scope
SKILL.md asks the agent/user to run multi-source research (xiaohongshu MCP, map APIs, WebSearch) and provides concrete installation/run steps (Docker, wrangler for Cloudflare). It does not direct the agent to read unrelated system files or harvest secrets. It does instruct use of optional cloud sync backends and shows how to place API keys/tokens in config variables or in the JS template — these are within scope but require user caution (see guidance).
Install Mechanism
The skill is instruction-only (no automated install spec). Templates reference common package sources (GitHub, unpkg, Docker Hub) and include code snippets for self-hosting or Cloudflare Workers. No opaque download URLs, URL shorteners, or extract-to-disk installs are present in the skill bundle.
Credentials
The skill declares no required env vars or primary credential. Optional sync flows do require service credentials (GitHub PAT for Gist, JSONBin master key, Cloudflare account for Workers) which are appropriately optional and proportional to a cross-device sync feature. The samples include placeholder tokens (e.g. 'ghp_xxx') — these are not required but if used carelessly they could expose secrets or create public artifacts; the skill does not require unrelated credentials (no AWS, no database keys).
Persistence & Privilege
Skill metadata does not request always:true or system-wide persistence. The skill provides templates that the user may deploy; those deployments (self-hosted Node or Cloudflare Worker) would persist only if the user chooses to run them. The skill does suggest writing a small mcp.json config for MCP servers (expected for MCP integration) but does not instruct modifying other skills or system-wide agent settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install trip-planner-0to1 - 安装完成后,直接呼叫该 Skill 的名称或使用
/trip-planner-0to1触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: 8-phase end-to-end self-guided trip planning workflow with xiaohongshu MCP research, map APIs, markdown itinerary, interactive HTML dashboard, and 5 sync backend options (localStorage/Gist/JSONBin/Workers/self-host).
元数据
常见问题
Trip Planner 0→1 是什么?
从 0 到 1 制作一份完整的自由行出行攻略,覆盖需求采集、多源资源调研(小红书 MCP + 地图 + Web 搜索)、方案决策、Markdown 行程书产出、交互式 Todo 网页(本地存储 + 可选云端同步)、一键部署到静态托管的端到端工作流。适用于东南亚海岛、日本、欧洲自驾、美洲公路旅行等任何自由行场景。触... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 75 次。
如何安装 Trip Planner 0→1?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install trip-planner-0to1」即可一键安装,无需额外配置。
Trip Planner 0→1 是免费的吗?
是的,Trip Planner 0→1 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Trip Planner 0→1 支持哪些平台?
Trip Planner 0→1 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Trip Planner 0→1?
由 dengjiawei1226(@dengjiawei1226)开发并维护,当前版本 v1.0.0。
推荐 Skills