robinmtzieme-commits

Zim

Author: robinmtzieme-commits · GitHub ↗ · v3.0.2 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 197
Favorites: 0
Current installs: 0
Versions: 8
Install in OpenClaw
/install zim
Description
Agent travel middleware for searching flights, hotels, and car rentals, assembling policy-aware itineraries, managing traveler preferences, and preparing pay...
Safe-use recommendations
What to check before installing or enabling this skill:
- Confirm provenance: the registry lists no homepage and the source is 'unknown'. Only enable code from sources you trust.
- Verify environment variables: the package needs several sensitive keys (TRAVELPAYOUTS_TOKEN, TRAVELPAYOUTS_MARKER, STRIPE_SECRET_KEY, STRIPE_WEBHOOK_SECRET, OPENROUTER_API_KEY, SERPAPI_KEY). Do not supply production Stripe keys unless you understand and have tested payment flows; prefer test keys (sk_test_...) and restrict their use to an isolated environment.
- Don’t run the QA scripts or orchestrator with live keys unless you intend to make outbound calls to LLM/search APIs; these scripts call external services and may consume quota or leak keys in logs.
- Inspect and sandbox before install: because the package contains executable Python code and shell wrappers, consider installing and running it inside a contained environment (dedicated VM or container) and do a code review of entry points (scripts/zim-wa.sh, scripts/zim-whatsapp-handler.py, zim/__main__.py, zim/orchestrator.py, zim/llm_agent.py, etc.).
- Be cautious about symlinking into ~/.openclaw/skills or auto-registering: that will make the skill discoverable and runnable by agents; only do this after you’ve reviewed how the wrapper sets env vars and where it persists state (data/whatsapp_state.db).
- Investigate the prompt-injection signal: search SKILL.md and other files for hidden or injected directives (phrases like 'ignore previous instructions') and remove or sanitize them before enabling autonomous invocation.
- If you need narrower exposure: avoid setting LLM or payment keys in the environment; run the skill in read-only or demo mode, or stub out network calls until you validate behavior.
Functional analysis
Type: OpenClaw Skill
Name: zim
Version: 3.0.2
The 'zim' skill bundle is a well-structured travel orchestration middleware that enables searching and booking flights, hotels, and car rentals via multiple providers (Travelpayouts, SerpApi, Kiwi, Booking.com). It includes a FastAPI-based API, a stateful WhatsApp agent, and comprehensive logic for managing traveler preferences, corporate policies, and Stripe-based payment flows. The package demonstrates security awareness by implementing Bearer token authentication for its API, validating Stripe and Twilio webhook signatures, and providing strict behavioral instructions in SKILL.md and Python prompts to prevent agent hallucinations or character breaks. No evidence of malicious intent, data exfiltration, or unauthorized execution was found.
Capability tags
crypto · requires-wallet · can-make-purchases · can-sign-transactions · requires-oauth-token · requires-sensitive-credentials
Capability assessment
Purpose & Capability
The code and SKILL.md implement the advertised travel middleware (flight/hotel/car search, itinerary assembly, Stripe Checkout integration, WhatsApp handler). Requested binaries (python3, bash, curl, jq) and Python deps are appropriate for this functionality. However, the registry metadata claims 'Required env vars: none' while SKILL.md and code require several sensitive environment variables (TRAVELPAYOUTS_TOKEN, TRAVELPAYOUTS_MARKER, STRIPE_SECRET_KEY, STRIPE_WEBHOOK_SECRET, OPENROUTER_API_KEY, SERPAPI_KEY). That mismatch between declared registry requirements and the actual package contents is an incoherence worth flagging.
Instruction Scope
SKILL.md and SETUP.md instruct actions beyond simple search: they document symlinking the skill into ~/.openclaw/skills, a wrapper script (scripts/zim-wa.sh) that execs into the Python WhatsApp handler, and a persistent SQLite state at data/whatsapp_state.db. The QA scripts explicitly call external LLMs (OPENROUTER_API_KEY) and live search APIs. Those runtime instructions will cause outbound network calls, persist conversation state locally, and rely on sensitive env vars. Additionally, a prompt-injection pattern ('ignore-previous-instructions') was detected inside SKILL.md, which could indicate an attempt to influence evaluation or agent behavior. Together these widen the runtime surface and should be reviewed before use.
Install Mechanism
There is no formal install spec in the registry (skill treated as instruction-only), yet a full Python package (pyproject.toml) and many source files are included. The package expects installation (python3 -m pip install . is documented). This is not inherently malicious, but the absence of an explicit install spec / automated installer in the registry metadata is an inconsistency that can confuse users and lead to accidental execution of code without a controlled install process.
Credentials
The environment variables required by the code and SKILL.md (TRAVELPAYOUTS_TOKEN, TRAVELPAYOUTS_MARKER, STRIPE_SECRET_KEY, STRIPE_WEBHOOK_SECRET, OPENROUTER_API_KEY, SERPAPI_KEY, ZIM_BASE_URL) are relevant to the described functionality (affiliate searches, deeplinks, Stripe Checkout, external LLM). However: (1) the registry lists no required env vars, (2) several sensitive credentials are needed and would grant outbound API access if set, and (3) test/production key guidance is present but could be overlooked (e.g., do not accidentally set live Stripe keys). The number and sensitivity of env vars is proportionate to the feature set, but the mismatched metadata and the potential for misuse (live payments, LLM calls) are concerning.
Persistence & Privilege
The skill does not request 'always: true' and does not attempt to modify other skills. It does, however, document persistent local state (SQLite DB at data/whatsapp_state.db) and suggests symlinking into the user's OpenClaw skills directory and restarting the gateway for discovery. Those steps require filesystem changes and will make the skill persistent within the user's OpenClaw environment. This is expected for a WhatsApp-style agent but is an action that should be done deliberately and under supervision.
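How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install zim
  3. Once installation completes, call the Skill by name or trigger it with /zim
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history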
v3.0.2
Fixed .clawignore to properly exclude QA test scripts and test suite from published package. Removed test files that contained jailbreak test scenarios triggering security scanner false positives.
v3.0.1
Security fixes: patched shell injection in search scripts (use sys.argv), excluded QA test scripts from package (contained jailbreak test strings), added .clawignore for data/db files.
v3.0.0
v3.0.0: Security metadata + capability declarations. Added explicit capabilities (stripe_checkout, travelpayouts_search, serpapi_search) and sensitive_env in frontmatter. Removed false-positive trigger words. Conversational warmth + dates in flight results. NLU improvements (context switching, typo correction, retry logic). 93/100 QA pass rate.
v2.9.0
Security: removed all hardcoded API tokens and secrets. Env vars now required.
v0.1.3
Explicitly declare Stripe payment capabilities in metadata. Clarify no crypto/wallet/blockchain involvement - Stripe Checkout only. Fixes ClawHub security scan false positives.
v0.1.2
Harden registry package: align version/license, add README, exclude repo/cache/venv artifacts from publish bundle, reduce scanner ambiguity around runtime and credentials.
v0.1.1
Fix disclosure metadata: declare Python runtime and package dependencies, required env vars, Stripe test-mode/payment boundaries, external API dependencies, and package contents accurately.
v0.2.0
Payment-enabled booking flow, trip orchestration, ranking, approval, Stripe integration
Metadata
Slug: zim
Version: 3.0.2
License: MIT-0
Total installs: 0
Current installs: 0
Historical versions: 8
FAQ

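What is Zim?

Agent travel middleware for searching flights, hotels, and car rentals, assembling policy-aware itineraries, managing traveler preferences, and preparing pay... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 197 total downloads to date.

How do I install Zim?

Run the command "/install zim" in the OpenClaw or Claude Code chat box for one-click installation; no extra configuration is required.

Is Zim free?

Yes, Zim is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does Zim support?

Zim runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Zim?

It is developed and maintained by robinmtzieme-commits (@robinmtzieme-commits); the current version is v3.0.2.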
