Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Hotel Booking
v1.0.2
Integrate with Brek Partner Core Chat API for hotel-search and booking assistant flows. Use when an agent needs to create or continue Brek chat sessions, sen...
by @leo9
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The skill's declared purpose (Brek Partner Core Chat for hotel search/booking) matches the runtime instructions and API templates: calls to BREK_BASE_URL, use of a partner API key, idempotency, rate-limiting and payment flow rules are appropriate for this integration. The required runtime inputs (actorId, workspaceId, partnerId, clientActionId) and storage requirements (idempotency store, budget/usage logs) also make sense for a booking/billing integration.
Instruction Scope
SKILL.md narrowly instructs how to create/reuse sessions, send events, enforce call-control, handle idempotency, and do payment setup without collecting raw card data. It does not ask the agent to read unrelated system files or exfiltrate data to third-party endpoints; all external calls are described as going to BREK_BASE_URL. The included references restrict behavior (e.g., never collect PAN/CVV) which reduces scope creep.
Install Mechanism
This is instruction-only with no install spec and no code files to execute. That means there is no automated download or install risk from the skill package itself. However, instruction-only status also means there is nothing to audit beyond the prose.
Credentials
The SKILL.md metadata lists BREK_BASE_URL and BREK_PARTNER_API_KEY as required_env_vars and sets BREK_PARTNER_API_KEY as primary_credential — which is appropriate for the described integration — but the registry-level requirements section at the top of the package claims 'Required env vars: none' and 'Primary credential: none'. This metadata mismatch is an incoherence: the skill will need an API key at runtime but the registry entry does not declare it. Verify which is authoritative. Apart from that, the set of secrets requested is limited and proportional to purpose.
Persistence & Privilege
The skill does not request always-on presence and is not marked always:true. It asks implementers to maintain local dedupe/budget/usage stores, which is reasonable for idempotency and billing; that implies persistent storage but not elevated system-wide privileges. The agents/openai.yaml file sets allow_implicit_invocation: false, which is a good restriction (prevents implicit invocation by default).
What to consider before installing
This skill appears to be what it says: a Brek partner core-chat integration. Before installing, verify these points:
1) Confirm which metadata is authoritative — the package registry claims no required env but SKILL.md requires BREK_BASE_URL and BREK_PARTNER_API_KEY; do not provide your API key until you resolve this discrepancy.
2) Ensure the platform will store BREK_PARTNER_API_KEY securely (encrypted at rest, access-controlled) and will not leak it in logs, prompts, or telemetry.
3) Enforce the idempotency, rate-limit, and budget controls described (dedupe store, budget kill-switch) — otherwise you may incur unexpected charges.
4) Because this is an instruction-only skill (no code to audit), run it in a least-privilege execution environment and review network egress policies so the agent can only call your intended BREK_BASE_URL.
5) Confirm the product enforces the SKILL.md's prohibition on collecting raw card data and that any payment flows rely on provider-hosted tokenized fields.
If you cannot validate the registry/skill metadata mismatch or secure secret storage, treat the skill as high-risk and delay granting it access to real credentials.
