hotel-recommendation

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing or running the package gives that third-party CLI code the ability to execute locally, which is expected for this skill but still worth reviewing.

Why it was flagged

The skill depends on installing or executing an external package named rollinggo through package managers, and the install specs do not show a pinned version.

Skill content

[0] node | package: rollinggo | creates binaries: rollinggo; [1] uv | package: rollinggo | creates binaries: rollinggo

Recommendation

Install rollinggo only from a trusted package source, consider pinning a known-good version if your environment supports it, and prefer isolated environments for first use.

What this means

Anyone with access to the API key may be able to use the associated hotel API account or quota.

Why it was flagged

The skill requires and passes a service API key to the RollingGo hotel API. This is expected for the stated hotel-search integration.

Skill content

primaryEnv: "AIGOHOTEL_API_KEY" ... Resolution order: `--api-key` argument → `AIGOHOTEL_API_KEY` environment variable.

Recommendation

Store the API key only in trusted environments, avoid pasting it into shared chats or logs, and rotate it if it is exposed.

What this means

The agent may send additional or broader hotel search requests than the user initially specified, which could affect API usage or search privacy.

Why it was flagged

The instructions allow the agent to run a sequence of CLI/API queries and retry with relaxed filters. The actions are read-only and hotel-related, but they may broaden the search and make extra API calls.

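Skill content

Unless the user has already narrowed the question to a specific step, execute in order: ... run `search-hotels` ... run `hotel-detail` ... if the results are unsatisfactory → relax the filters and search again

Recommendation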

Set clear limits for dates, budget, distance, result count, and when the agent should ask before broadening the search.

What this means

Travel plans, dates, party size, and similar preferences may be shared with the hotel service to produce results.

Why it was flagged

Hotel searches send trip intent, destination, dates, and occupancy details through the RollingGo CLI/provider flow. This is necessary for the skill but involves user travel data.

Skill content

rollinggo search-hotels ... --origin-query "查找东京迪士尼附近的酒店" --place "东京迪士尼" ... --check-in-date 2026-04-01 ... --adult-count 2

Recommendation

Provide only the details needed for the search, avoid unnecessary personal information, and review the provider’s privacy practices if the trip details are sensitive.