Openclaw Otto Travel
Warn
Audited by ClawScan on May 11, 2026.
Overview
This looks like a genuine Otto Travel integration, but once OAuth is completed it can make travel bookings, and the reviewed artifacts show no clear confirmation step for booking actions.
Install only if you trust Otto Travel with your trip details and account access. Before authorizing, set OpenClaw or gateway policy to require explicit human confirmation for flight and hotel bookings, and remove or revoke the stored token when you no longer want the plugin to act on your account.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent calls the booking tools too early or misinterprets a user request, it could create real flight or hotel bookings and potential charges.
The plugin exposes booking tools that can commit travel purchases using IDs and skill keys, while the provided tool schema does not require a `confirmed` flag or preview step for booking. The cancel tool separately advertises a two-step confirmation flow, making the missing booking confirmation boundary notable.
{ name: "book_flight", description: "Book a flight by flight_id." ... required: ["intent", "flight_id", "skill_keys"] } ... { name: "book_hotel", description: "Book a hotel room by room_id." ... }
Only install with a tool-use policy that requires explicit human approval before `book_flight` or `book_hotel`, and prefer a booking preview/confirm workflow or spending limits from the publisher.
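As an added example (not code from the Otto Travel plugin, OpenClaw, or ClawScan), the following TypeScript shows what a local confirmation gate in front of `book_flight` and `book_hotel` can look like when the publisher's schema does not provide one. The gate binds each human approval to the tool name plus the exact, canonicalized arguments, makes the approval single-use and time-limited, and refuses the call before it is forwarded to the remote MCP client. The tool names and required fields come from the scanned schema; `ApprovalGate`, `gatedCallTool`, `McpCaller`, the fake client and the sample booking are assumptions made for this example.

```typescript
// Added example, not code from the Otto Travel plugin, OpenClaw or ClawScan:
// a local approval gate placed between the agent and the MCP client, so that
// book_flight and book_hotel reach the remote server only after a human has
// approved that exact call. Names such as ApprovalGate, gatedCallTool and
// McpCaller are assumptions made for this example.
import { createHash } from "node:crypto";

type ToolArgs = Record<string, unknown>;

// Minimal shape of the client being wrapped; only callTool is needed here.
interface McpCaller {
  callTool(call: { name: string; arguments: ToolArgs }): Promise<unknown>;
}

// Tools that commit a purchase, taken from the scanned tool schema. Every other
// tool (search, read_preferences, read_skill, ...) passes through ungated.
const PURCHASE_TOOLS: ReadonlySet<string> = new Set(["book_flight", "book_hotel"]);

// Deterministic JSON with recursively sorted object keys, so that reordering
// arguments can neither dodge the gate nor reuse an approval for a different call.
function canonical(value: unknown): string {
  if (Array.isArray(value)) return `[${value.map(canonical).join(",")}]`;
  if (value !== null && typeof value === "object") {
    const entries = Object.entries(value as Record<string, unknown>)
      .sort(([a], [b]) => (a < b ? -1 : a > b ? 1 : 0))
      .map(([k, v]) => `${JSON.stringify(k)}:${canonical(v)}`);
    return `{${entries.join(",")}}`;
  }
  return JSON.stringify(value);
}

// An approval is bound to the tool name plus the exact arguments.
function callFingerprint(name: string, args: ToolArgs): string {
  return createHash("sha256").update(`${name}\n${canonical(args)}`).digest("hex");
}

// What the human is shown before approving: the tool and the canonical
// arguments the server will receive, not the agent's paraphrase of them.
function previewCall(name: string, args: ToolArgs): string {
  return `${name} ${canonical(args)}`;
}

interface Decision { allowed: boolean; reason: string }

class ApprovalGate {
  private readonly approvals = new Map<string, number>(); // fingerprint -> expiry (ms)
  private readonly ttlMs: number;
  private readonly now: () => number;

  // ttlMs bounds how long an approval stays valid; `now` is injectable for tests.
  constructor(ttlMs = 5 * 60_000, now: () => number = () => Date.now()) {
    this.ttlMs = ttlMs;
    this.now = now;
  }

  // Called by the approval UI once the human has read previewCall().
  approve(name: string, args: ToolArgs): string {
    const fp = callFingerprint(name, args);
    this.approvals.set(fp, this.now() + this.ttlMs);
    return fp;
  }

  // Approvals are single use: removed on first lookup, so a completed booking
  // cannot be replayed with the same arguments.
  decide(name: string, args: ToolArgs): Decision {
    if (!PURCHASE_TOOLS.has(name)) return { allowed: true, reason: "not a purchase tool" };
    const fp = callFingerprint(name, args);
    const expiry = this.approvals.get(fp);
    if (expiry === undefined) return { allowed: false, reason: "no approval for these exact arguments" };
    this.approvals.delete(fp);
    if (expiry < this.now()) return { allowed: false, reason: "approval expired" };
    return { allowed: true, reason: "approved" };
  }
}

// Drop-in replacement for client.callTool: refuses ungated purchases loudly
// instead of forwarding them to the remote server.
async function gatedCallTool(
  client: McpCaller,
  gate: ApprovalGate,
  call: { name: string; arguments: ToolArgs },
): Promise<unknown> {
  const d = gate.decide(call.name, call.arguments);
  if (!d.allowed) throw new Error(`refusing ${call.name}: ${d.reason}`);
  return client.callTool(call);
}

// Stand-alone demo against a constructed fake client (no network, no real Otto account).
const fakeClient: McpCaller = { async callTool(c) { return { booked: c.name, args: c.arguments }; } };
const booking = { intent: "book", flight_id: "FL-123", skill_keys: ["k1"] }; // constructed sample
const demoGate = new ApprovalGate();
gatedCallTool(fakeClient, demoGate, { name: "book_flight", arguments: booking })
  .catch((e: Error) => console.log(e.message)) // refused: nothing approved yet
  .then(() => {
    console.log("human sees:", previewCall("book_flight", booking));
    demoGate.approve("book_flight", booking);
    return gatedCallTool(fakeClient, demoGate, { name: "book_flight", arguments: booking });
  })
  .then((r) => console.log("forwarded after approval:", r));
```

The gate deliberately keys on the full argument set rather than on the tool name alone: an agent that obtains approval for one `flight_id` and then calls `book_flight` with another is refused, as is a second call that replays an already consumed approval.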
After authorization, the plugin can continue using the Otto account until the token is removed or revoked.
The skill clearly discloses OAuth authorization and persistent refreshable tokens. This is expected for a travel-account integration, but it grants delegated authority to manage bookings and travel data.
Ask the agent to call `otto_setup`... approve access, and all travel tools become available in the same session. Tokens are stored at `~/.openclaw/.otto-tokens.json` and refresh automatically.
Authorize only an account you intend to use with OpenClaw, review the account permissions during OAuth, and delete `~/.openclaw/.otto-tokens.json` or revoke access when no longer needed.
Stored preferences or loyalty numbers could be exposed to the agent/provider service or used in later bookings.
The skill can read and write persistent travel preferences and loyalty-program identifiers. This is purpose-aligned, but those records are sensitive personal/account context that may influence future travel actions.
`read_preferences`, `write_preference` — travel preferences; `read_loyalty_programs`, `write_loyalty_program` — frequent flyer & hotel loyalty
Store only the travel preferences and loyalty identifiers you are comfortable sharing with this integration, and periodically review or remove saved entries.
Travel details and booking actions are shared with the configured Otto MCP server.
Tool calls are proxied to a remote MCP endpoint with a bearer token. This is the expected integration mechanism, but it means travel-search details, booking arguments, and authorization data cross the local/provider boundary.
new StreamableHTTPClientTransport(new URL(this.serverUrl), { requestInit: { headers: { Authorization: `Bearer ${token}` } } }) ... this.client.callTool({ name, arguments: args })
Use the default trusted Otto endpoint unless you intentionally configure another server, and avoid sending sensitive trip details unless needed.
Provider-supplied tool guidance could shape how the agent performs travel tasks.
The agent is expected to read provider-supplied guidance before using other tools. That is coherent for this MCP workflow, but retrieved instructions should not override the user's goals or safety requirements.
{ name: "read_skill", description: "Read a skill guide and get a key required by all other tools. Call this FIRST." }
Treat `read_skill` output as tool documentation only, and keep user approval requirements above any remote usage guidance.
