Skillv1.0.1

ClawScan security

Google Hotels · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 4, 2026, 10:03 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions and required actions match its stated purpose (automating Google Hotels via a browser CLI); the only notable inconsistency is that the metadata doesn't declare the required agent-browser/command-line tools the SKILL.md actually uses.
Guidance: This skill appears to do what it says: automate Google Hotels searches using the agent-browser CLI. Before installing, confirm you have agent-browser and common CLI utilities (xxd, base64) available on the agent host—these are referenced in SKILL.md but not declared in the registry metadata. Understand that the skill will open web pages (Google and — optionally — individual hotel websites), so browsing may reach third-party sites (booking pages, hotel sites) after results are gathered; avoid entering any credentials into third-party pages unless you trust them. If you need stronger guarantees, ask the skill author to update the manifest to declare required binaries, or run the skill in an isolated environment. If you want to prevent autonomous browsing of third-party sites, ensure your agent's policy restricts follow-on navigation or disallow autonomous invocation for this skill.

Review Dimensions

Purpose & Capability: noteThe skill is clearly for automating Google Hotels searches and the SKILL.md provides detailed browser automation steps. However, the registry metadata lists no required binaries or primary credential, while the README and SKILL.md both require the agent-browser CLI (and implicitly use utilities like xxd and base64). This is a bookkeeping inconsistency but not evidence of malicious intent.
Instruction Scope: okRuntime instructions are narrowly scoped to opening Google Hotels pages, interacting with widgets (dates, guests, filters), snapshotting and parsing results. The skill does not instruct reading arbitrary local files, environment variables, or unrelated services. It does permit visiting a hotel's own website after presenting results (explicitly forbids navigating to OTAs during search), which is within the skill's stated purpose but introduces the usual web-browsing surface to third-party sites.
Install Mechanism: okThere is no install spec (instruction-only skill). That minimizes disk persistence and installer risk. The only risk is missing a declared dependency: the SKILL.md expects agent-browser and uses command-line utilities (xxd, base64) that must exist on PATH but aren't declared in the manifest.
Credentials: okThe skill requests no environment variables, credentials, or config paths. This is proportionate for a web-scraping/browser-automation helper.
Persistence & Privilege: okalways:false and no install actions—skill does not request elevated persistence. Model invocation is not disabled (platform default); because the skill is user-invocable and not forced 'always', this is an expected configuration.