v1.0.0

ai-hotel

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 8:22 AM.

Analysis

This hotel-booking skill is purpose-aligned, but it can use a bundled access token, stores long-lived account credentials, and can create or cancel orders, so it needs careful review before installation.

Guidance: Review this skill before installing. Do not use it with real Fenbeitong credentials unless the bundled default token is removed, credential storage is secured and declared, and the agent is required to ask for clear confirmation before booking or canceling any hotel order.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
scripts/openai_adapter.py
"create_order": "创建酒店预订订单...核心接口" ... "cancel_order": "取消已创建的酒店订单"

The skill exposes model-callable functions that create and cancel hotel orders, but the artifacts do not show a required final confirmation step before those account-mutating actions.

User impact: The agent could alter hotel orders in a business travel account, potentially creating reservations, exposing guest/contact details, or canceling existing orders.
Recommendation: Require an explicit user confirmation immediately before every create or cancel action, showing hotel, dates, price, guest/contact details, payment/cancellation terms, and the exact order to be changed.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: Medium | Status: Note
metadata
Source: unknown; Homepage: none

The registry metadata does not provide a source repository or homepage, making it harder to verify provenance for a skill that handles account tokens and bookings.

User impact: Users have less independent information to validate who maintains the code or whether the bundled token and API behavior are intentional.
Recommendation: Install only if you trust the publisher, request a public source/provenance link, and review the included code before using real Fenbeitong credentials.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
scripts/fb_hotel_api.py
# default access-token (for testing) DEFAULT_ACCESS_TOKEN = "fbsk-2db..." ... self.access_token = saved_token or DEFAULT_ACCESS_TOKEN

If no user token is provided or loaded, the API client falls back to a bundled access token for authenticated requests.

User impact: Hotel searches, bookings, cancellations, or order lookups could run under a bundled/shared token rather than the user's authenticated Fenbeitong account.
Recommendation: Remove the bundled token, fail closed when no user token is available, declare the credential requirement in metadata, and require explicit user authentication before any business API call.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Concern
scripts/fb_hotel_api.py
AUTH_FILE = Path.home() / ".fbt-auth.json" ... auth_data = {"identity_code": token, "mobile": mobile, ...}; AUTH_FILE.write_text(json.dumps(auth_data, ensure_ascii=False, indent=2))

The code writes the access token and mobile number as JSON in the user's home directory for later reuse.

User impact: Future sessions can reuse the saved token to access the user's Fenbeitong hotel account; anyone with access to that file may also obtain the token and mobile number.
Recommendation: Use a secure credential store or strict file permissions, enforce expiration and easy revocation, avoid storing mobile numbers unless needed, and make the credential storage clearly declared during installation.