Show Booking
Review
Audited by ClawScan on May 10, 2026.
Overview
The local parsing and calendar scripts look straightforward, but the skill delegates live outbound booking calls and client data to an unprovided calling sub-agent with unclear approval, provenance, and data-boundary controls.
Use this skill cautiously. The reviewed local scripts only parse text, create JSON plans, and generate calendar files, but live calling depends on a separate tour-booking component that is not included here. Before enabling live calls, review or install that dependency deliberately, run dry-run first, verify every phone number and call payload, and require explicit approval before the agent contacts offices or books showings.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or messy pasted email could influence the downstream calling workflow and lead to wrong call instructions or booking attempts.
The parser preserves the entire free-form intake or email text as the preferred-windows field that is later used in the call workflow. If pasted or emailed text contains unintended instructions, those instructions can be carried downstream unless the call payload is reviewed or filtered.
"preferred_windows_text": text,
Extract only structured scheduling fields for call payloads, treat raw intake text as untrusted reference material, and show the final call payload to the user before any live call.
The agent could call real estate offices and attempt bookings based on parsed data before the user has reviewed the exact call list and instructions.
This directs the agent toward real outbound calls for every queued listing. Approval is mentioned, but the workflow does not explicitly require a final user confirmation step before live calls and booking attempts.
For each `call_queue` record, invoke `tour-booking/scripts/place_outbound_call.py` ... If live calling is not approved, run with `--dry-run` and return the generated payload.
Make dry-run the default, require explicit user approval for the final call queue, and require per-batch or per-call confirmation before live outbound calls.
A user cannot verify from these artifacts what code will actually place calls, what endpoint it contacts, or what data it sends.
The referenced live-calling sub-agent/script is not included in the provided file manifest or install spec, yet it performs the central high-impact action.
Hand off call execution to the `tour-booking` sub-agent ... invoke `tour-booking/scripts/place_outbound_call.py`
Declare the tour-booking dependency explicitly, include or pin the callable implementation, and document its permissions, endpoints, and review status.
Personal and business scheduling details could be exposed to or acted on by a separate component the user has not reviewed.
The skill sends client identity, listing details, scheduling preferences, and callback instructions to another agent without defining the receiving agent's identity, permissions, retention, or data boundaries.
invoke `tour-booking/scripts/place_outbound_call.py` with: - Listing metadata. - Preferred windows. - Client identity. - Callback instructions.
Define exactly what data is passed to the sub-agent, minimize sensitive fields, and require the user to approve cross-agent handoff for live calls.
Installing or using the live-call path may require granting the workflow access to an ElevenLabs account or agent.
Live calling requires provider credentials. This is expected for the stated integration, but users should notice it because the registry metadata does not declare these credentials.
Required environment variables for live calls: `ELEVENLABS_API_KEY`, `ELEVENLABS_AGENT_ID` ... Optional: `ELEVENLABS_OUTBOUND_URL`
Use narrowly scoped credentials where possible, declare the required environment variables in metadata, and avoid enabling live calls until the dependency is reviewed.
Sensitive booking and client details may persist after the task unless the user controls where logs are stored and when they are deleted.
The audit trail may contain client names, listing details, phone numbers, booking outcomes, and timestamps. The artifacts do not define storage location, retention, or access controls.
Keep a full audit trail: request payload, call result, booking outcome, and timestamps.
Document audit-log storage and retention, redact unnecessary personal data, and give users a cleanup or export option.
