Skill v1.0.0

ClawScan security

差旅预订助手 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious (Mar 30, 2026, 9:57 AM)
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill claims to integrate with Booking.com Affiliate API but the code uses placeholder credentials and simulated responses while the SKILL.md does not declare or request the required API credentials — this mismatch is inconsistent and may mislead users.
Guidance
This skill claims to fetch live data from Booking.com but the packaged code uses placeholder credentials and returns mocked results; the SKILL.md also requires an API Key yet the skill does not declare any required environment variables or a way to provide credentials. Before installing or using: (1) confirm the skill's source and trustworthiness; (2) ask the author to make credential handling explicit and secure (e.g., require BOOKING_API_KEY and BOOKING_AFFILIATE_ID as env vars or platform secrets rather than hard-coding); (3) verify that the skill actually performs live API calls and does not present mocked or fabricated data; (4) avoid editing source to insert secrets — prefer a secure secret injection mechanism; (5) if you need live booking capability, request a version that documents authentication, rate limits, and returns real API responses. If you cannot confirm these, treat the skill as unreliable and do not provide real credentials.

Review Dimensions

Purpose & Capability
concern: The skill's name and description state it uses Booking.com Affiliate/API data, but the shipped code contains BOOKING_API_KEY and BOOKING_AFFILIATE_ID set to placeholder strings, and many API calls are marked TODO or return mocked data (e.g., search_hotels returns mock_hotels). The skill does not declare any required environment variables or a primary credential even though the SKILL.md explicitly says an API Key (affiliate) is required. This is a clear mismatch between claimed capability (live Booking.com integration) and actual delivered capability (mocked/stubbed behavior).
Instruction Scope
concern: SKILL.md instructs that the agent must call the Booking.com Affiliate API and must not fabricate data, but the included implementation purposely returns simulated data and leaves the real API calls as TODO. The instructions and the code contradict each other: the agent may be expected to present live data, but the code will return mock content unless credentials and code changes are applied. The SKILL.md does not specify how credentials should be provided at runtime (no env var or config path is declared).
Install Mechanism
ok: There is no install spec (instruction-only install), and the only binary requirement is python3. No external downloads or archive extraction are defined. The risk from installation mechanics is low.
Credentials
concern: The skill logically requires Booking.com credentials (SKILL.md and booking_api.py reference an API key and affiliate ID), yet requires.env is empty and no primary credential is declared. Credentials are hard-coded as placeholders in booking_api.py instead of being read from environment variables or a declared config path. This omission forces insecure workarounds (editing source to add keys) or will result in the skill using mocked data; either case is problematic.
Persistence & Privilege
ok: The skill does not request always:true, has no OS restrictions, and does not appear to modify other skills or system-wide agent settings. Autonomous invocation remains enabled (platform default) but is not combined with other high-risk indicators here.