首页 / 技能 / Nature Spots — 搜自然景点

📦 Nature Spots — 搜自然景点

v3.2.0

一句话输入即可找到全球山脉、湖泊、瀑布、国家公园与奇观,附带徒步难度、最佳季节与摄影贴士,还能比价航班、酒店与租车,规划一次说走就走的自然之旅。

0· 50·0 当前·0 累计
xiejinsong 头像by @xiejinsong
搜索数据分析生产力工具
下载技能包
最后更新
2026/4/11
0
安全扫描
VirusTotal
可疑
查看报告
OpenClaw
可疑
medium confidence
NULL
评估建议
This skill forces installing and running an external CLI (npm i -g @fly-ai/flyai-cli), relies entirely on that CLI for answers, and suggests writing execution logs to disk — yet the registry lists no install or credential requirements and the 'Fliggy' branding doesn't clearly match the flyai package. Before installing or enabling this skill: 1) Verify the origin, maintainer, and npm page/source repository for @fly-ai/flyai-cli (check publisher, recent activity, and code). 2) Ask the author to de...
详细分析 ▾
用途与能力
The skill claims travel/booking capabilities 'powered by Fliggy' but its runtime strictly requires the third-party flyai CLI (@fly-ai/flyai-cli). The registry metadata lists no required binaries or env vars, which contradicts the SKILL.md that mandates installing and using a specific CLI. Booking/flight/hotel features normally require credentials or API access, yet no credentials are declared.
指令范围
SKILL.md forces the agent to be a 'CLI executor' and to never answer from training data — it requires running flyai commands for all responses, enforces output/link formats, and instructs creation of request logs. It also tells the agent to re-execute until booking links are present. These runtime instructions extend beyond simple lookup: they install/run external software and may cause persistent local writes (runbook logs).
安装机制
There is no declared install spec in the registry, but the skill's prerequisites and instructions explicitly require running 'npm i -g @fly-ai/flyai-cli' and executing the installed CLI. Asking users/agents to install a global npm package from an unverified namespace without an install spec is a risk and inconsistent with the registry metadata.
凭证需求
The skill supports bookings, flights, insurance, and other actions that normally require credentials or payment API access, but requires.env and primary credential fields are empty. The runbook also logs 'user_query' and other request data to a local file if available, which could capture sensitive info despite no declared data handling or consent flow.
持久化与权限
The skill does not request 'always: true' (good), but the runbook suggests appending logs to .flyai-execution-log.json if filesystem writes are available — this implies persistent local storage of user queries and CLI call metadata. The skill also instructs installing a global binary, which modifies the host environment.
安全有层次,运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv3.2.02026/4/11

NULL

可疑

安装命令

点击复制
官方npx clawhub@latest install nature-spots
镜像加速npx clawhub@latest install nature-spots --registry https://cn.longxiaskill.com
数据来源ClawHub ↗ · 中文优化:龙虾技能库