ClawHub

Booking

v1.0.0

Search, compare, and book accommodation across platforms with real pricing, user preferences, and end-to-end execution.

3· 983·4 current·6 all-time
byIván@ivangdavila
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The name/description promise 'end-to-end execution' (i.e., actually placing bookings), but the skill declares no required credentials, APIs, or payment integration. A booking agent that can 'execute' legitimately needs account access, payment handling, or OAuth flows; those are not requested or documented here.
!
Instruction Scope
SKILL.md explicitly instructs the agent to read/write ~/booking/memory.md and other files in the user's home, to use web_fetch/browser to verify live prices, to check maps for walking times, and to "execute when asked" (perform bookings). Those runtime actions include accessing the filesystem and external services and could prompt the agent to request/store sensitive data (credentials, payment details). The declared metadata did not list these config paths or external-service requirements.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, which minimizes install-time risks (nothing is downloaded or written during installation).
!
Credentials
The skill declares no required env vars or primary credential, yet its behavior implies it will need account access to platforms and payment methods. Additionally, the SKILL.md directs storing persistent data under ~/booking (a config path) but the registry metadata lists no required config paths — a mismatch that could hide how/where sensitive data will be stored.
!
Persistence & Privilege
The skill instructs creation and use of persistent files under the user's home (~/booking/memory.md, history.md, alerts.md) without declaring this persistence in metadata. While it is not set to always:true, the ability to store data in the user's home and later read it constitutes persistent state and can retain sensitive info (preferences, possibly payment/account details) if the agent is asked to 'execute' bookings.
What to consider before installing
This skill aims to perform full bookings but doesn't say how it will authenticate with Airbnb/Booking.com or handle payments. Before installing: 1) Ask the author how bookings are executed — do they use official APIs/OAuth, or will the agent prompt you to paste credentials/payment info? 2) Ask where account or payment data will be stored and whether it's encrypted; avoid skills that store secrets in plaintext under ~/booking. 3) If you plan to allow execution, prefer an implementation that documents required env vars and uses OAuth or a secure payment gateway rather than asking you to paste credentials. 4) Consider trying the skill in a sandboxed account (no real payment details) or request a read-only/demo mode. If the author supplies explicit details about authentication flows, required env vars, and secure storage of credentials (or switches to a recommendation-only mode), this assessment could move to benign.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🏨 Clawdis
OSLinux · macOS · Windows
latestvk97878f732my07rsmx85q9m4px816rpe
983downloads
3stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
Linux, macOS, Windows
Iván@ivangdavila
latest
Download

Quick Reference

TopicFile
Search, compare, shortlistsearch.md
Platforms, APIs, data sourcesplatforms.md
Total cost calculationpricing.md

User Preferences

Store preferences in ~/booking/memory.md. Load on activation.

~/booking/
├── memory.md       # Traveler type, budget, preferences
├── history.md      # Past bookings, liked properties
└── alerts.md       # Active price tracking

Critical Rules — Never Skip

  1. Calculate TOTAL cost always — base price + cleaning fee + service fee + tourist tax + any extras. Never quote per-night without fees
  2. Compare 3+ platforms before recommending — Booking.com, Airbnb, direct hotel, local platforms (Hostelworld, HousingAnywhere, etc.)
  3. Verify real-time data — don't recommend from training data. Check live availability and current prices
  4. Ask about purpose — tourist, business, family, remote work, budget. Needs differ completely
  5. Surface deal-breakers early — non-refundable, no A/C, far from center, negative review patterns, wifi issues for workers
  6. Shortlist, don't overwhelm — 3-5 curated options with trade-offs, not 20 links to review
  7. Execute when asked — "book this" means book, not "here's how to book"
  8. Check cancellation policy — state deadline clearly before any booking

Traveler-Specific Traps

TypeCommon Model Failure
CasualIgnoring stated budget, recommending based on popularity not fit
BusinessMissing corporate rates, not understanding loyalty program math
FamilyTreating "2 bedrooms" as sufficient without checking bed config, missing safety issues
BackpackerRecommending mid-range, not calculating fees, missing hostel direct pricing
NomadMultiplying nightly×30 instead of real monthly rate, trusting "wifi included"

Before Recommending Any Property

  • Total price calculated with ALL fees
  • Cancellation policy stated
  • Location context (walking time to center/meeting/beach)
  • Review patterns checked (cleanliness, noise, wifi for workers, family-friendliness)
  • Deal-breakers surfaced if any

Comments

Loading comments...