Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Booking Extranet Manager
v1.1.0
Manage Booking.com properties — download reservations, list/reply to guest messages, update rates. Wraps a Python CLI that automates the Booking.com extranet...
⭐ 0 · 46 · 0 current · 0 all-time
by Matsei Ruka (@matsei-ruka)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The SKILL.md clearly requires BOOKING_USERNAME, BOOKING_PASSWORD (and optionally PULSE_TOTP_SECRET) plus BOT_DIR and a local Python environment to run a CLI that controls Chrome. The registry metadata listed no required env vars or primary credential — that is inconsistent. The credentials and filesystem access requested are coherent with the described purpose, but the published metadata not declaring them is a red flag (either metadata is incomplete or the package was mis-declared).
Instruction Scope
Runtime instructions tell the agent/user to read a .env file for credentials, activate a venv and run $BOT_DIR/cli.py, persist browser session in .chrome-data/, and use Chrome remote debugging on localhost:9222. Those actions are aligned with automating the extranet but they require filesystem access to sensitive artifacts (credentials, browser session cookies) and the ability to interact with a local browser debugging port — this expands scope beyond a simple API wrapper and should be explicitly acknowledged in metadata and security review.
Install Mechanism
This is an instruction-only skill (no install spec included). The SKILL.md recommends cloning a GitHub repo and pip installing requirements, but the skill itself does not perform downloads or write to disk. Instruction-only format is lower-risk from an install perspective; however following those instructions will install code from the referenced GitHub repo, so users should inspect that repo before running the install steps.
Credentials
The credentials requested by the SKILL.md (Booking login, password, optional TOTP secret) are reasonable for a tool that logs into the Booking.com extranet, and BOT_DIR is necessary to locate the CLI. However the registry claims no required environment variables/credentials — an incoherence. Also persisting TOTP secret and browser session locally increases the sensitivity of stored data; requiring these should be explicitly declared and justified in registry metadata.
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable (normal). It instructs persisting browser sessions in .chrome-data/ (session cookies, auth tokens) and optionally a TOTP secret in .env — this is useful for automation but increases attack surface on the host. Autonomous invocation is allowed by default; combine that with stored credentials only if you trust the runtime and the code in the referenced repo.
What to consider before installing
Do not install blindly. Key points to consider before using:
1) Metadata mismatch: the skill's SKILL.md requires Booking credentials and BOT_DIR, but the published registry metadata lists none — ask the publisher to correct the metadata or proceed with caution.
2) Credentials and TOTP: the tool expects a .env file with your login/password (and optional TOTP seed). Storing these on disk and persisting Chrome session cookies (.chrome-data/) exposes sensitive tokens on the machine — store them only on a dedicated, secured host and rotate credentials after testing.
3) Inspect upstream code: the skill is instruction-only but points to a GitHub repo; review that repository's code (especially network calls and any telemetry/exfiltration) before cloning and pip installing.
4) Isolate execution: run the bot in a sandboxed VM or dedicated machine (or container) with an account that has limited access.
5) Chrome remote debugging: ensure localhost:9222 is not exposed to other hosts and that you understand how to start Chrome safely for remote debugging.
6) Prefer principle of least privilege: if Booking offers API tokens or scoped access, prefer those over full account passwords and persisted TOTP seeds.
If you cannot review the repo or are uncomfortable with on-disk credentials/session persistence, treat the skill as untrusted and avoid installing it.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
Environment variables
- BOT_DIR (required) — Absolute path to the booking-extranet-bot directory
- BOOKING_HOTEL_ID (optional) — Default property hotel ID (used when --hotel-id is omitted)