Skill v1.0.1

ClawScan security

AI Go Hotel · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 25, 2026, 4:24 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill appears to do exactly what its name says (hotel search via an MCP server), but it contains an embedded API key in mcp.json and does not declare any required credentials — that mismatch and the unknown upstream/source make this package suspicious.
Guidance: This skill appears to be a legitimate hotel-search integration, but it ships with a hard-coded API key inside mcp.json and has no declared source or homepage. Before installing: (1) Treat the embedded 'Bearer mcp_...' token as sensitive — it may be a real API key or a leaked/stubbed one. Ask the publisher whether you should replace it with your own key. (2) Prefer skills that require you to provide credentials via environment variables or a secure config rather than bundling them. (3) If you must use this skill, remove the embedded token and configure the MCP Authorization header to use your own API key, or confirm the origin and intended usage of the embedded key. (4) If you cannot verify the publisher or purpose of the included key, avoid installing or running the skill with autonomous invocation enabled.

Review Dimensions

Purpose & Capability
note: The name, README, and SKILL.md consistently describe a hotel-search MCP integration (searchHotels / getHotelDetail / getHotelSearchTags). Calling an external MCP server is expected for this purpose. However, the repo includes a hard-coded Authorization header (Bearer token) in mcp.json rather than declaring a credential requirement or instructing the integrator to provide their own API key.
Instruction Scope
ok: SKILL.md gives focused instructions for mapping user requests to the three MCP calls and explicitly warns not to fabricate values. It does not instruct the agent to read system files or unrelated environment variables. The only scope discrepancy is that the documentation explains passing API keys via headers, yet a key is already embedded in the provided mcp.json.
Install Mechanism
ok: This is an instruction-only skill with no install spec or code to download — lowest-risk installation mechanism. Nothing is written to disk by an installer here.
Credentials
concern: No required env vars or primary credential are declared, yet mcp.json contains an embedded Authorization header (Bearer mcp_4fcc9465...). Embedding a secret in the skill bundle is unexpected and disproportionate: either the skill should declare the credential (so the user supplies their own key) or it should not contain an API key at all. The presence of a baked-in token and an unknown upstream/homepage is a risk (possible misuse of a leaked/shared key or unintended exfiltration).
Persistence & Privilege
ok: The skill does not request persistent installation privileges (always:false) and does not modify other skills or system-wide configs. Autonomous invocation is allowed (default) but not exceptional here.