✈️ Google Flights Realtime API — 实时航班比价

v1.0.5

调用 Google Flights 实时接口，一键搜索单程与往返特价机票，返回最低价、航司、起降时间等完整数据，支持筛选舱位、中转次数，助你秒抓最优行程。

0· 410·3 当前·3 累计

by @mtnrabi

API工具自动化网络工具

下载技能包项目主页

最后更新

2026/4/21

安全扫描

VirusTotal

可疑

查看报告

OpenClaw

可疑

medium confidence

NULL

评估建议

This skill appears to do what it says (call RapidAPI's Google Flights endpoint using RAPIDAPI_KEY), but take the following precautions before installing: - Confirm the source and ownership: the skill's source is listed as 'unknown' in the registry; verify the RapidAPI homepage owner (the provided RapidAPI link) and that you trust that provider. - Provide only a RapidAPI key with minimal permissions and monitor usage: the skill will send your RAPIDAPI_KEY in the x-rapidapi-key header. Consider u...

详细分析 ▾

⚠ 用途与能力

The skill's purpose (search Google Flights via RapidAPI) matches the single required credential (RAPIDAPI_KEY) and the described endpoint. However, the SKILL.md assumes the availability of runtime tools (curl, bash, mktemp, python3) but the registry metadata declares no required binaries. The skill also claims to communicate exclusively with google-flights-live-api.p.rapidapi.com, which is consistent with its purpose.

⚠ 指令范围

Instructions direct the agent to run curl POSTs and to generate/execute bash scripts for parallel date-range scans that create temp files and combine results. This is within the skill's functional scope, but the parallel-scan pattern can spawn many concurrent requests (risking quota/cost and heavy network usage). The SKILL.md also tells agents not to use Python requests yet the example parallel script (truncated) invokes python3 -c, an inconsistency that increases uncertainty about what the agent will run. The truncated content prevents full review of that Python command.

✓ 安装机制

This is an instruction-only skill with no install spec and no code files, so nothing is written to disk by an installer. That is the lowest-risk install model and is coherent with the README's claim of 'no code execution' (though the agent will execute shell commands at runtime).

✓ 凭证需求

Only RAPIDAPI_KEY is required and declared as the primary credential, which is appropriate for a RapidAPI-backed flight search skill. The README offers an alternative config path (~/.openclaw/openclaw.json) which is reasonable. No unrelated secrets are requested.

✓ 持久化与权限

The skill does not request always:true, does not require system-wide config changes, and is user-invocable. The README's example shows storing an API key in the skill's config section (normal). No elevated privileges are requested.

安全有层次，运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv1.0.52026/3/10

NULL

● 可疑

安装命令

点击复制

官方npx clawhub@latest install google-flights-realtime-api

镜像加速npx clawhub@latest install google-flights-realtime-api --registry https://cn.longxiaskill.com

数据来源：ClawHub ↗ · 中文优化：龙虾技能库