search-hotel

Pass

Audited by ClawScan on May 1, 2026.

Overview

This is a coherent hotel-search skill, but it relies on an external RollingGo CLI package and an API key, so users should verify the package and service before use.

Before installing, verify that the RollingGo package and homepage are the service you intend to use, store the API key securely, and remember that hotel destinations, dates, occupancy, budget, and preferences may be sent to the provider. The artifacts do not show automatic booking, account mutation, hidden persistence, or destructive behavior.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing or running the skill may execute code from the external RollingGo package source.

Why it was flagged

The skill depends on an external CLI package rather than included reviewed code, and the install spec does not pin a version.

Skill content

[0] node | package: rollinggo | creates binaries: rollinggo; [1] uv | package: rollinggo | creates binaries: rollinggo

Recommendation

Verify that the npm/PyPI package and homepage are the intended RollingGo project before installing, and prefer a trusted or pinned version where possible.

What this means

The agent may invoke the RollingGo command-line tool to perform searches and fetch hotel pricing when the user asks for hotel help.

Why it was flagged

The skill directs the agent to run local CLI commands using user-provided hotel search parameters. This is central to the skill's purpose and is not hidden.

Skill content

Run these steps in order... Run `search-hotels` → parse JSON → extract `hotelId`; Run `hotel-detail --hotel-id <id>`

Recommendation

Review the search criteria before use, especially dates, occupancy, budget, and destination, and do not provide unrelated sensitive information in the query.

What this means

Anyone with the API key may be able to use the associated hotel search service quota or account access.

Why it was flagged

The skill requires a service API key for RollingGo hotel lookups. This is expected for the integration, but it is still credentialed access.

Skill content

Resolution order: `--api-key` flag → `AIGOHOTEL_API_KEY` env var.

Recommendation

Prefer setting the key in a secure environment variable rather than pasting it into shared chats, logs, or command examples; rotate it if exposed.

What this means

Travel plans and hotel preferences entered into the skill may be sent to the RollingGo/hotel search service.

Why it was flagged

The documented CLI sends hotel search requests over the network, including destination and potentially dates, occupancy, budget, and preferences.

Skill content

`rollinggo search-hotels --origin-query "<user's natural language request>" --place "<destination>" ...` and `Exit 0 success · 1 HTTP/network failure`

Recommendation

Use the skill only if you are comfortable sharing those hotel search details with the service, and avoid including unnecessary personal information.