Agent Hotel Booking
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill may perform real booking-related actions if connected to a live Brek partner account.
The skill can drive write-like booking, payment-confirmation, and cancellation events through the Brek API. This is central to the stated hotel-booking purpose and includes idempotency safeguards, but the actions can have real financial or travel consequences.
When `kind` is one of: ... `action_book_option` ... `action_confirm_payment_card` ... `action_cancel_booking` ... Always include `idempotencyKey`.
Use this only with clear user intent and require explicit confirmation before booking, cancellation, payment confirmation, or price-change confirmation events.
Installing or using the skill means delegating Brek partner API access to the agent runtime.
The skill requires a Brek partner API key and base URL. This is expected for the integration, but the registry requirement summary says no env vars or primary credential, so users may not see the credential requirement before reading the skill text.
metadata:
  required_env_vars: BREK_BASE_URL,BREK_PARTNER_API_KEY
  primary_credential: BREK_PARTNER_API_KEY
Declare the credential in registry metadata, store the key in a secret manager, restrict it to the minimum needed scope, rotate it if exposed, and ensure BREK_BASE_URL points only to the approved Brek endpoint.
Usage records may persist beyond the chat session and could reveal which users or tenants made booking-related API calls.
The skill instructs implementers to persist per-call usage records and reconcile them for billing. This is purpose-aligned, but it stores user/session identifiers and does not define a retention period for the billing log.
Store one immutable event per call: ... `partnerId`, `actorId`, `sessionId`, `endpoint`, `requestId`, `statusCode` ... Run daily reconciliation job
Document retention, access controls, and deletion policy for metering logs, and avoid storing raw payment data or unnecessary chat content.
