Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
AI Go Hotel
v1.0.1
A Skill for searching hotels and querying prices via AIGoHotel MCP (searchHotels / getHotelDetail / getHotelSearchTags)
by 乌萨奇大帝 @qiao101660
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name, README, and SKILL.md consistently describe a hotel-search MCP integration (searchHotels / getHotelDetail / getHotelSearchTags). Calling an external MCP server is expected for this purpose. However, the repo includes a hard-coded Authorization header (Bearer token) in mcp.json rather than declaring a credential requirement or instructing the integrator to provide their own API key.
Instruction Scope
SKILL.md gives focused instructions for mapping user requests to the three MCP calls and explicitly warns not to fabricate values. It does not instruct the agent to read system files or unrelated environment variables. The only scope discrepancy is that the documentation explains passing API keys via headers, yet a key is already embedded in the provided mcp.json.
Install Mechanism
This is an instruction-only skill with no install spec or code to download — lowest-risk installation mechanism. Nothing is written to disk by an installer here.
Credentials
No required env vars or primary credential are declared, yet mcp.json contains an embedded Authorization header (Bearer mcp_4fcc9465...). Embedding a secret in the skill bundle is unexpected and disproportionate: either the skill should declare the credential (so the user supplies their own key) or it should not contain an API key at all. The presence of a baked-in token and an unknown upstream/homepage is a risk (possible misuse of a leaked/shared key or unintended exfiltration).
Persistence & Privilege
The skill does not request persistent installation privileges (always:false) and does not modify other skills or system-wide configs. Autonomous invocation is allowed (default) but not exceptional here.
What to consider before installing
This skill appears to be a legitimate hotel-search integration, but it ships with a hard-coded API key inside mcp.json and has no declared source or homepage. Before installing:
(1) Treat the embedded 'Bearer mcp_...' token as sensitive — it may be a real API key or a leaked/stubbed one. Ask the publisher whether you should replace it with your own key.
(2) Prefer skills that require you to provide credentials via environment variables or a secure config rather than bundling them.
(3) If you must use this skill, remove the embedded token and configure the MCP Authorization header to use your own API key, or confirm the origin and intended usage of the embedded key.
(4) If you cannot verify the publisher or purpose of the included key, avoid installing or running the skill with autonomous invocation enabled.
Like a lobster shell, security has layers — review code before you run it.
