Security Scan
OpenClaw
Suspicious
medium confidence
Assessment and recommendations
This skill appears to do what it says (automate Ctrip via ADB and query calendar statuses), but it sends screenshots from your phone to an external visual model endpoint. Before installing: 1) Confirm and trust the MIDSCENE_MODEL_BASE_URL you will use (do not use unknown or third‑party endpoints). 2) Be aware screenshots may include hotel names, prices, dates, and other personal info — avoid running on a device with sensitive apps/accounts logged in. 3) Note the registry metadata omits the requi...
ℹ Purpose and capability
The name/description, dependency on @midscene/android, and the script's ADB automation are coherent: this skill legitimately needs an external vision model to analyze screenshots. However the registry metadata lists no required env vars while SKILL.md explicitly requires MIDSCENE_MODEL_* variables — an inconsistency between declared metadata and runtime instructions.
⚠ Instruction scope
Runtime instructions and the script take screenshots of the device UI and send them to the MIDSCENE_MODEL_BASE_URL visual model API for OCR/analysis. The SKILL.md does warn about screenshots containing order/hotel details being transmitted, but this behavior is sensitive (it transmits potentially personal/financial info) and constitutes data exfiltration to an external service.
✓ Install mechanism
No arbitrary download install is present; dependencies are standard npm packages (listed in package.json / package-lock.json). Installation uses npm install (traceable). This is moderate risk but expected for a Node/TS skill.
⚠ Credential requirements
The script needs MIDSCENE_MODEL_API_KEY, MIDSCENE_MODEL_BASE_URL, MIDSCENE_MODEL_NAME (and optionally MIDSCENE_USE_DOUBAO_VISION) — these are justified by the use of a hosted vision model. The concern is (a) the registry metadata omitted these required env vars, and (b) these credentials grant an external service access to screenshots of your device, so they are sensitive and should only be given to a trusted endpoint.
✓ Persistence and privileges
Skill does not request always:true and does not modify other skills or system-wide configuration. It runs ad-hoc when invoked and uses the agent to control an attached Android device; no elevated platform privileges are requested.
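Security is layered; review the code before running.
Runtime dependencies
No special dependencies
Version
latest v1.0.2 2026/2/28
● Suspicious
Install command
Official: npx clawhub@latest install check-bookings-phone
Mirror (accelerated): npx clawhub@latest install check-bookings-phone --registry https://cn.longxiaskill.com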