Expedia
v1.0.0
Search Expedia stays, packages, cars, and activities, compare real trip costs, and run partner-safe booking workflows with web and API modes.
⭐ 0 · 203 · 1 current · 2 all-time
by Iván @ivangdavila
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Expedia search, compare, partner-safe booking flows) match the required binaries and the config path. curl/jq are appropriate for web/API calls and parsing; openssl/xxd are justified by signature examples for Rapid partner APIs. Requesting ~/expedia/ storage is coherent for a workspace/memory.
Instruction Scope
Instructions are focused on Expedia tasks and separate web vs partner modes. They explicitly instruct the agent to create and update files under ~/expedia/ and to avoid logging secrets. Note: several files show curl examples and signature generation using placeholders for API keys — the skill does reference handling secrets but does not ask for them itself; ensure the agent will not persist raw credentials or broad system context.
Install Mechanism
No install spec and no code files — instruction-only skill. This minimizes disk-installed code risk. Required binaries are standard and reasonable for the described operations.
Credentials
The skill requests no environment variables or external credentials by default. It documents that partner/API work requires Expedia-issued credentials (which is expected). There are no unrelated credential asks or unexplained external endpoints beyond Expedia's partner/API patterns shown in docs.
Persistence & Privilege
The skill will create and update files under ~/expedia/ (memory, request logs, bookings). This is expected for stateful partner workflows, but those files could contain sensitive metadata if misused. always:false and normal autonomous invocation are appropriate.
Assessment
This skill appears coherent with its stated Expedia-focused purpose, but before enabling it:
1) review and control the ~/expedia/ directory the skill will create (inspect contents after first run);
2) never paste or store raw API secrets, payment data, or full auth headers into those files — the docs also warn this, but verify behavior;
3) only switch to Travel Redirect or Rapid modes if you have valid Expedia partner credentials and you understand where those creds will live (prefer secure secret storage, not plain files);
4) note the skill uses openssl/xxd to build signatures — avoid logging command outputs that might include secret values;
5) because the skill's source is listed as unknown, consider running it in a limited or test environment first and monitor what files it writes.
If you need higher assurance, ask the publisher for an explicit provenance or signed source before using partner/booking workflows.
Like a lobster shell, security has layers — review code before you run it.
latest vk97ahb60d76we6pkpcqzg42ejh82tby5
Runtime requirements
🧳 Clawdis
OS: Linux · macOS · Windows
Bins: curl, jq, openssl, xxd
Config: ~/expedia/
