Skill v1.0.0
ClawScan security
旅行预订助手 (Travel Booking Assistant) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 30, 2026, 9:55 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill claims to call Booking.com affiliate APIs, but the shipped code returns mocked data, hardcodes credential placeholders, and neither declares nor requests the API credentials it actually needs. The gap between declared and actual behavior is the concern.
- Guidance: This skill is internally inconsistent: SKILL.md says it must call Booking.com affiliate APIs, but the included Python code returns mock data and leaves API keys as hardcoded placeholders. Before installing or running it:
  1. Treat the repository as untrusted until you have reviewed and tested it.
  2. Do not paste real API keys into the source file; supply keys through environment variables and update the code to read them from the environment.
  3. Verify that the real API call paths are implemented (remove the TODOs) and that requests and any other dependencies are installed in a controlled way.
  4. Confirm the publisher and source (no homepage is provided) and request provenance.
  If you cannot validate these changes and the source, do not use the skill for real bookings: it may produce inaccurate results or require you to place credentials insecurely.
Review Dimensions
- Purpose & Capability (concern): The skill's stated purpose is Booking.com integration and SKILL.md insists on calling the Booking.com Affiliate API, but the code does not perform real API calls (TODOs and simulated/mock responses). It contains BOOKING_API_KEY and BOOKING_AFFILIATE_ID placeholders in source instead of reading declared, securely supplied credentials, and it declares no required environment variables or primary credential despite needing an API key for its stated purpose.
- Instruction Scope (concern): SKILL.md explicitly requires using the Booking.com Affiliate API and forbids fabricating data, yet the runtime code (booking_api.py) returns simulated responses (mock_hotels) and comments out the real _request calls. The instructions and the actual runtime behavior therefore diverge: the skill cannot deliver the promised real-time data unless the code is modified. The instructions also do not direct the agent to obtain credentials securely (e.g., from environment variables).
- Install Mechanism (note): There is no install spec (instruction-only), which minimizes supply-chain risk. However, the code requires python3 and the third-party requests library without declaring installation steps (no pip requirements file). This omission is inconsistent with the declared required binaries and could cause runtime surprises.
- Credentials (concern): Although the skill needs Booking.com API credentials to function as described, requires.env is empty and no primary credential is declared. Instead the code contains literal placeholders (BOOKING_API_KEY = 'your_api_key'), which invites editing the source to insert secrets or keeping secrets in code; both are bad practices. The absence of declared env vars is disproportionate to the stated API integration.
- Persistence & Privilege (ok): The skill is not always-enabled, is user-invocable, and does not request elevated host privileges or persistent installation. There is no evidence it modifies other skills or system-wide settings.
