Back to skill
Skillv1.0.1
VirusTotal security
AI Go Hotel · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:31 AM
- Hash
- b11ec59bf4089fc94e6192475c93283b76e01cd7d3bb001a95516d732231cd73
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: aihotel Version: 1.0.1 The skill's stated purpose and agent instructions in SKILL.md are benign, focusing on hotel search and booking. However, the `mcp.json` file contains a hardcoded bearer token (`mcp_4fcc9465759d47fab4881c5f26be0e7e`) for the `https://mcp.aigohotel.com/mcp` service. This is a significant security vulnerability, as it exposes a secret credential that could lead to unauthorized access or abuse of the external service if the skill bundle is distributed.
- External report
- View on VirusTotal