AI Go Hotel
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill’s hotel-search purpose is coherent, but it embeds an undeclared bearer token for a remote MCP service, so users should review it before installing.
Review this skill before installing. The hotel-search functionality itself is coherent, but the package contains a hardcoded remote-service bearer token and sends travel search details to AIGoHotel. Avoid entering unnecessary personal details, and do not run the optional GitHub-based local server setup unless you independently trust that source.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Hotel searches may run under a shared or vendor-controlled credential, and the user cannot easily verify the account, quota, logging, or permissions behind that token.
The MCP client configuration embeds a bearer credential directly in the skill package. Because the metadata says no primary credential or environment variable is required, users are not clearly told whose credential this is, what it can access, or how it is scoped.
"Authorization": "Bearer mcp_4fcc...e0e7e"
Treat this as a Review item: the publisher should document the credential model, avoid shipping hardcoded secrets where possible, and use user-provided or clearly scoped service credentials.
Your travel plans and search preferences may be shared with the AIGoHotel MCP service as part of normal operation.
The configured MCP server is a remote AIGoHotel endpoint, so hotel search inputs such as destination, dates, guest counts, and preferences are sent outside the local agent.
"url": "https://mcp.aigohotel.com/mcp"
Use the skill only if you are comfortable sending hotel-search details to this external provider; avoid including unnecessary personal information in hotel queries.
If you follow the optional local deployment instructions, you would be trusting code and dependencies that were not reviewed here.
The README documents optional setup steps that fetch dependencies and run code from an external GitHub repository, but that code and its dependency lock state are not included in the reviewed artifact set.
git clone https://github.com/longcreat/aigohotel-mcp.git ... pip install -r requirements.txt ... python server.py
Do not run the optional local server setup unless you trust and separately review the external repository and dependency list.