Security Scan
OpenClaw
Suspicious
high confidence
Assessment and recommendations
This skill appears to legitimately call the Amadeus API, but take these precautions before installing or using it:
- The scripts include hardcoded API key and secret defaults and default to Amadeus's test endpoint. Treat those embedded credentials as potentially sensitive (or potentially public test credentials). Remove or replace them with your own keys and never rely on the bundled defaults for production.
- SKILL.md mentions AMADEUS_BASE_URL but that env var is not listed in the declared req...
✓ Purpose and capability
Name, description, required binaries (node), and the code all align with a flight-query integration for the Amadeus API. The requests the skill makes (Amadeus endpoints) are coherent with the stated purpose.
ℹ Instruction scope
SKILL.md instructs running the provided node scripts and only references Amadeus endpoints. It also documents AMADEUS_BASE_URL for switching between test and production. The runtime instructions do not ask for unrelated system files or credentials beyond Amadeus, but the docs say 'hardcoded defaults are used' — and the code indeed contains default API credentials and defaults the base URL to a test endpoint.
✓ Install mechanism
No install spec is provided (instruction-only deployment). No third-party downloads or archive extraction occur; this minimizes install-time risk.
⚠ Credential requirements
The skill requires only AMADEUS_API_KEY and AMADEUS_API_SECRET which match the service. However: (1) the code also reads AMADEUS_BASE_URL (used for switching to production) but this variable is not listed in the declared required env vars — a documentation mismatch; (2) both scripts include hardcoded default API key and secret values and default to a test API base. Shipping credentials (even for a test environment) in-source is a security concern: they may be valid, reused, or abused by anyone with access to the skill bundle.
✓ Persistence and privileges
The skill does not request elevated persistence (always:false). It does not modify other skills or agent-wide configs. Autonomous invocation is allowed but not unusual and is not combined with any other high privilege.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v1.0.0 2026/2/23
● Suspicious
Install command
Official: npx clawhub@latest install amadeus-flights
Mirror: npx clawhub@latest install amadeus-flights --registry https://cn.longxiaskill.com