Alipay+ Voyager Travel Agent. Provides comprehensive travel solutions including flight search, hotel recommendations, and multi-day itinerary planning. Use w...
Security Analysis
High confidence
The skill's code, instructions, and required resources are consistent with a travel search/itinerary agent that calls Alipay+ Voyager endpoints; it requests no unexpected credentials or installs.
Name/description match implementation: included scripts call Alipay+ Voyager MCP endpoints for flights and hotels and the references describe hotel/flight/itinerary workflows. There are no unrelated binaries, credentials, or config paths requested.
SKILL.md confines work to the included reference files and the two scripts; it explicitly instructs sending user search data to Alipay+ servers and to only use tool responses (no fabrication). This is coherent but has a privacy implication: user query data (dates, cities, possibly personal travel constraints) will be transmitted to external servers.
Instruction-only plus two small included shell scripts; no network downloads, package installs, or archive extraction. Risk from installation is minimal because nothing is written to disk beyond the existing files.
The skill declares no required environment variables or credentials. The scripts call hard-coded Alipay endpoints and operate without API keys for trial use; the optional API key that may be needed later (for higher QPS) is reasonable and proportional to the described functionality.
Skill does not request always:true, does not modify other skills or system settings, and contains no install-time persistent agents. Autonomous invocation (allowed by default) is normal for skills and not by itself problematic here.
Guidance
This skill behaves as a thin wrapper around Alipay+ Voyager APIs: it will send user-provided search parameters (dates, cities, queries) to Alipay servers via the included shell scripts. Before installing, consider: (1) privacy — avoid sending sensitive PII you don't want shared with Alipay; (2) provenance — verify you trust the skill source and that the hard-coded endpoints are legitimate for your use case; (3) API keys — an API key may be required later for higher QPS (the skill currently runs without credentials); (4) review the two scripts (they use curl/jq) and test in a sandbox if you need to limit network access. If you need stricter data controls, do not enable the skill or restrict it to non-sensitive queries.
Latest Release
v1.0.10
- Added a Data & Privacy section to clarify that user queries are transmitted to Alipay+ servers for processing.
- Included a privacy notice informing users about external service calls and data handling when using this skill.
- No logic or workflow changes; functionality remains the same.
Published by @voyageragent on ClawHub