Travel Planning
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: travel-planning Version: 1.0.1 The OpenClaw AgentSkills bundle for 'travel-planning' is classified as benign. All files are markdown-based instructions and templates for the AI agent, with no executable code. The `SKILL.md` explicitly defines strict boundaries, stating the skill ONLY manages files within `~/travel-planning/` and NEVER reads files outside this directory, makes actual bookings, accesses email/calendar, or stores payment information. It also mandates user consent for storing limited sensitive data like passport expiry dates and explicitly forbids storing full document images. There is no evidence of data exfiltration, unauthorized execution, persistence mechanisms, obfuscation, or malicious prompt injection attempts against the agent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Travel plans, passport or visa status, insurance references, emergency contacts, and related details could remain on disk and be reused in later sessions.
The skill persistently stores travel memory and may store sensitive document-related details. The consent language and scoped directory make this purpose-aligned, but users should be aware of the privacy implications.
Memory lives in `~/travel-planning/` ... `documents/ # Passport, visa info, insurance` ... `Only store document info if user explicitly shares it`
Only save sensitive travel information when necessary, avoid storing full document numbers or images, and provide a clear way for the user to review or delete `~/travel-planning/`.
The agent may remember when to invoke this travel-planning behavior in future conversations.
The skill asks to persist activation preferences outside the travel folder into main agent memory, affecting future sessions.
Save their answer to their MAIN memory so other sessions know when to use this skill.
Ask explicitly before saving cross-session activation preferences and tell the user how to change or remove them.
A user might not realize their travel information is being written to persistent local files unless they ask.
The onboarding style may not proactively explain storage before sensitive travel details are saved, although it does say to explain openly if asked.
Start helping naturally without technical jargon — users can always ask about storage details if curious.
Briefly disclose where information is stored before saving sensitive document, medical, booking, or group-travel details.