Skill v0.1.2

ClawScan security

Trip.com TripGenie · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 11, 2026, 1:45 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill mostly aligns with a Trip.com travel assistant and requires only a TripGenie API key, but there are a few inconsistencies (an undeclared environment variable and small metadata gaps) you should review before installing.
Guidance
This skill appears to be a straightforward Trip.com TripGenie adapter that requires a single API key (TRIPGENIE_API_KEY) and forwards user queries to TripGenie's API endpoint. Before installing, consider:
1) Verify that the endpoint (https://tripgenie-openclaw-prod.trip.com) and the TripGenie onboarding URL are legitimate, and that you obtained the API key from the official Trip.com source.
2) The skill returns API responses verbatim by default. Those responses may include booking links, reservation tokens, or other sensitive details; only use it if you are comfortable exposing that raw data to the agent and the user.
3) The instructions reference the LANG environment variable but do not declare it; if your environment exposes LANG to the agent, the skill may read it.
4) The metadata does not mark TRIPGENIE_API_KEY as the primary credential; confirm how the platform will store and protect the key.
5) Because the agent can invoke the skill autonomously by default, it may handle travel queries without explicit user approval; if you want tighter control, disable autonomous invocation or restrict when the skill can be used.
If you need higher assurance, ask the skill author for canonical documentation or a signed package/source to confirm origin and behavior.

Review Dimensions

Purpose & Capability
ok: Name, description, declared intent (hotel/flight/attraction/travel consultation) and the single required env var TRIPGENIE_API_KEY are consistent with a travel/query-forwarding skill that calls TripGenie APIs. No unrelated binaries or installs are requested.
Instruction Scope
concern: SKILL.md instructs the agent to POST user queries to https://tripgenie-openclaw-prod.trip.com endpoints and return the full API response verbatim. That is consistent with the stated purpose, but the instructions also refer to the LANG environment variable ("use LANG when available") even though LANG is not declared in requires.env. The instructions also mandate returning API responses "as-is", which could surface any sensitive data the API includes. The examples write temporary files under /tmp, which is expected for an instruction-only skill.
Install Mechanism
ok: This is an instruction-only skill with no install spec and no bundled code, the lowest-risk case for unexpected on-disk code. The sample usage relies on curl and jq being available, which is reasonable for the provided bash examples.
Credentials
note: Only TRIPGENIE_API_KEY is declared as required, which is proportionate. Minor mismatches: LANG is referenced in the instructions but not declared, and the metadata does not mark TRIPGENIE_API_KEY as the primary credential (the primary credential field is empty).
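The Instruction Scope and Credentials findings above (an env var read by the instructions but absent from requires.env, an empty primary credential field, and a verbatim-response mandate), together with guidance item 1 (confirm the endpoint really is Trip.com's), are mechanical enough to reproduce before installing any skill. The following is an added example and not ClawHub's scanner or the skill's own code: it assumes a metadata shape with requires.env, primaryCredential and always fields (names chosen to echo the report, not ClawHub's real schema) and a constructed SKILL.md excerpt reduced to the behaviours the report names.

```python
import re
from urllib.parse import urlparse

# Constructed stand-in for the skill's metadata. The field names echo the
# report (requires.env, primary credential, always) but the shape is an
# assumption, not ClawHub's actual schema.
METADATA = {
    "name": "Trip.com TripGenie",
    "version": "0.1.2",
    "requires": {"env": ["TRIPGENIE_API_KEY"]},
    "primaryCredential": "",
    "always": False,
}

# Constructed stand-in for SKILL.md, reduced to the behaviours the report
# names: POST to the production endpoint, use LANG when available, write
# under /tmp, return the body as-is.
SKILL_MD = (
    "Forward the user's travel question to TripGenie:\n"
    "\n"
    '    curl -s -X POST "https://tripgenie-openclaw-prod.trip.com/v1/query" \\\n'
    '      -H "Authorization: Bearer $TRIPGENIE_API_KEY" \\\n'
    '      -H "Accept-Language: ${LANG:-en}" \\\n'
    "      -d @/tmp/tripgenie-request.json | jq . > /tmp/tripgenie-response.json\n"
    "\n"
    "Use LANG when available. Return the API response as-is.\n"
)

# Domains the skill is allowed to contact; anything else is a concern.
ALLOWED_DOMAINS = ("trip.com",)

ENV_REF = re.compile(r"\$\{?([A-Z][A-Z0-9_]*)")     # $VAR or ${VAR...}
URL_REF = re.compile(r"https?://[^\s\"'<>)]+")
VERBATIM = re.compile(r"\b(as-is|verbatim)\b", re.IGNORECASE)


def declared_env(metadata):
    return set(metadata.get("requires", {}).get("env", []))


def undeclared_env(metadata, text):
    """Env vars the instructions read but requires.env does not declare."""
    return sorted(set(ENV_REF.findall(text)) - declared_env(metadata))


def endpoint_hosts(text):
    return sorted({urlparse(u).hostname for u in URL_REF.findall(text)})


def offdomain_hosts(text, allowed=ALLOWED_DOMAINS):
    """Hosts that are neither an allowed domain nor a subdomain of one.
    Matching on the hostname suffix catches lookalikes such as
    trip.com.attacker.example, which end in the wrong domain."""
    return [
        h for h in endpoint_hosts(text)
        if not any(h == d or h.endswith("." + d) for d in allowed)
    ]


def findings(metadata, text, allowed=ALLOWED_DOMAINS):
    """Return (severity, message) pairs in the order a reviewer reads them."""
    out = []
    for var in undeclared_env(metadata, text):
        out.append(("concern", f"{var} is read by the instructions but not declared in requires.env"))
    bad = offdomain_hosts(text, allowed)
    if bad:
        out.append(("concern", "instructions contact hosts outside the allowed domains: " + ", ".join(bad)))
    declared = declared_env(metadata)
    if declared and not metadata.get("primaryCredential"):
        out.append(("note", "primary credential field is empty although requires.env lists " + ", ".join(sorted(declared))))
    if VERBATIM.search(text):
        out.append(("note", "instructions return the API response as-is; raw bodies may carry booking links or tokens"))
    if metadata.get("always"):
        out.append(("concern", "always=true: the skill is loaded into every session"))
    return out


def verdict(metadata, text, allowed=ALLOWED_DOMAINS):
    """'suspicious' on any concern, 'note' on notes only, otherwise 'ok'."""
    sev = {s for s, _ in findings(metadata, text, allowed)}
    return "suspicious" if "concern" in sev else ("note" if sev else "ok")


if __name__ == "__main__":
    for severity, msg in findings(METADATA, SKILL_MD):
        print(f"[{severity}] {msg}")
    print("verdict:", verdict(METADATA, SKILL_MD))
```

Run against the constructed inputs it reports the same three items the scan lists (LANG undeclared, empty primary credential, verbatim responses) and the same suspicious verdict; declaring LANG and naming TRIPGENIE_API_KEY as the primary credential leaves only the verbatim-response note. The domain check is deliberately a suffix match on the parsed hostname rather than a substring search, so a URL whose path or subdomain merely contains "trip.com" is still flagged.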
Persistence & Privilege
ok: always is false (the default); the skill is user-invocable and can be invoked autonomously by the agent (normal). The skill does not request persistent installation or system-wide configuration changes.