Back to skill
Skillv1.0.9
ClawScan security
aigo hotel search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 25, 2026, 6:05 AM
- Verdict
- Benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's requirements and runtime instructions are consistent with a hotel-search helper and it does not ask for user secrets or install code, but it relies on the agent to correctly strip PII before queries and embeds a public API key in the SKILL file.
- Guidance
- This skill appears to do what it says (hotel search) and doesn't ask you to provide secrets or install code, but you should: 1) Confirm the MCP endpoint (https://mcp.aigohotel.com) and the embedded key are legitimate and truly 'public' before relying on them; 2) Ensure your agent/platform actually implements the required PII-stripping (test with inputs containing names/phones to see if they are removed); 3) Avoid sending real personal data in queries (names, phones, emails, IDs); 4) If you need accountability or higher quotas, consider using your own API key rather than the embedded public key; and 5) Review any privacy policy or terms for the MCP service to understand data retention and processing.
Review Dimensions
- Purpose & Capability
- okThe name/description (hotel search with filters) matches the declared tools (searchHotels, getHotelDetail, getHotelSearchTags) and there are no unrelated environment variables, binaries, or install steps requested. The embedded public MCP key and MCP URL are coherent with the described MCP-based API usage.
- Instruction Scope
- noteSKILL.md is instruction-only and confines transmitted data to structured search parameters. However, it places responsibility on the agent runtime to remove PII from originQuery and to perform filtering; if the agent implementation fails to follow that, user PII could be sent. The instructions do not request reading local files or unrelated system data.
- Install Mechanism
- okNo install spec or code files are present (instruction-only), so nothing will be written to disk or fetched during installation. This is the lowest install risk profile.
- Credentials
- noteThe skill requests no user credentials or env vars. It embeds a bearer token (mcp_7d31559a...) in the SKILL.md and shows it in the MCP config; the skill claims this token is a public community API key (non-secret) which explains why no secret is requested. Verify the token truly is public and rate-limited as claimed before trusting it in production.
- Persistence & Privilege
- okalways is false and the skill is user-invocable only. The skill does not request persistent platform-level privileges, nor does it attempt to modify other skills or system-wide settings.