ClawHub

stayforge-api

v1.0.0

Hotel booking and accommodation search using StayForge API - hotel booking, hotel search, accommodation booking, hotel reservation, find hotels, book hotels,...

0· 248·0 current·0 all-time
by@jbennett111
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (hotel search & booking) align with instructions: examples show signing up for an API key and calling hotel/search and booking endpoints on stayforge.vosscg.com. Nothing requested is outside the stated purpose.
Instruction Scope
SKILL.md limits runtime actions to calling the StayForge API (signup, search, details, create booking) and asking the user for an email and booking guest details. It does not instruct reading local files, unrelated env vars, or exfiltrating data to unrelated endpoints. It does tell agents to 'store the key securely' but gives no storage specifics.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — nothing will be written to disk by an installer. That is the lowest-risk install profile.
Credentials
The skill declares no required environment variables or credentials. It instructs obtaining a per-user API key via the API (expected for this kind of integration). There are no unexpected credential requests. Note: the skill will transmit user email and guest booking details to the stayforge.vosscg.com domain as part of normal operation.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent platform privileges or to modify other skills. The agent will be able to call it autonomously (platform default), which is normal for skills.
Assessment
This skill appears to do what it says (obtain an API key, search hotels, place bookings). However: the source and homepage are unknown and the API host (stayforge.vosscg.com) is not documented elsewhere in the skill — so verify the provider before sending real personal or payment information. Consider using a throwaway/test email and a test API key first, read the API's privacy/terms if you can find them, avoid entering payment details until you confirm the service is legitimate, and store any API key in a secure secrets manager rather than pasting it into chat. If you don't trust the external domain, do not proceed.

Like a lobster shell, security has layers — review code before you run it.

latestvk971vcnhjdhmma3w46bhm8b3a9828t6k

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments