Skill v1.0.0
ClawScan security
便捷旅行预订 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 30, 2026, 11:50 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill claims to aggregate multiple commercial hotel APIs but the provided files and SKILL.md do not show how credentials/configuration are supplied and several platform integrations are unimplemented—this mismatch warrants caution.
- Guidance: This skill promises multi-platform hotel aggregation but the code contains TODO stubs for each platform and the package does not declare where API keys or credentials should be provided. Before installing or using it: (1) ask the author how/where platform credentials are configured and insist they be declared in requires.env or documented; (2) review the full aggregate_search/get_hotel_detail implementations (the provided snippet is incomplete) to confirm there are no hidden endpoints or unexpected data exfiltration; (3) run the code in a sandboxed environment and monitor network calls to verify it only contacts expected official APIs; (4) confirm you have legal permission / API agreements to query the named platforms; (5) if you must supply credentials, prefer creating least-privilege API keys and avoid reusing high-privilege account secrets. The current mismatch between claimed capabilities and required configuration is why I rate it suspicious.
Review Dimensions
- Purpose & Capability (concern): The skill's name/description promise aggregation across many commercial platforms (携程, 美团, 分贝通, 同程, 华住会, 锦江). The code defines those data sources and base URLs, but the individual source search functions are TODO stubs (no real API calls implemented) and the skill declares no required environment variables or configuration mechanism for API keys/tokens. Aggregating real platform data would normally require credentials or scraping logic; the lack of any declared credentials/config path is disproportionate to the claimed capability.
- Instruction Scope (note): SKILL.md instructs the agent to call each platform's APIs and forbids fabricating prices, which is appropriate conceptually. The instructions do not ask the agent to read unrelated system files or secrets. However, the SKILL.md demands 'must call platform APIs' but provides no guidance on where platform credentials/config are stored or how to authenticate, leaving broad implementation discretion.
- Install Mechanism (note): No install spec is provided (instruction-only), which is lower risk. However, the package includes two Python scripts that would be executed at runtime; there is no install or setup guidance for dependencies beyond requiring python3. Including runnable code without an install step is not inherently malicious but increases the chance the skill will fail or behave unexpectedly in different environments.
- Credentials (concern): The skill requests no environment variables or primary credential, yet its intended function (calling multiple external OTA and group APIs) normally requires API keys, client secrets, or account-level credentials. The absence of declared credentials or config paths is an incoherence: either the skill is incomplete (placeholders) or it expects credentials to be supplied out-of-band (which should have been declared).
- Persistence & Privilege (ok): The skill is not flagged as always:true and does not request elevated/persistent privileges. It does not attempt to modify other skills or system-wide settings in the provided code. Autonomous invocation remains possible (platform default) but is not combined here with other high-risk factors.
