Hotel Booking AI

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This hotel-booking skill is purpose-aligned, but it handles bookings, payment initiation, and a reusable local credential with weak disclosure and controls.

Install only if you trust the booking service and publisher. Treat the user_key like a password: it is stored locally in plaintext and sent with booking requests. Be aware that hotel and guest details are sent to an external HTTP service, and review bookings carefully before letting the skill create, cancel, or initiate payment for an order.

SkillSpector (4)

By NVIDIA

Missing User Warnings

Medium
Confidence: 89%
Finding
The README instructs users to perform booking and payment actions against an external HTTP API and to include a user_key, but it does not warn that personal data, booking details, and payment-related information will be transmitted to a third-party service. In a booking workflow, users may provide names, itinerary details, and payment selections, so the lack of disclosure and data-handling guidance increases privacy and misuse risk.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill instructs the agent to delete `{baseDir}/user_key.txt` automatically on authorization failure without explicit user confirmation or warning. Although intended for re-authentication hygiene, this is still a destructive local action against stored credentials and could cause denial of service or unintended loss of a valid token if the error is transient, misclassified, or attacker-induced.

Missing User Warnings

Medium
Confidence: 95%
Finding
The setup flow tells the agent to persist a user-provided `user_key` to disk in `{baseDir}/user_key.txt` without any notice about storage, retention, access controls, or sensitivity of the credential. Storing reusable authentication material on disk increases the risk of credential theft, accidental reuse across sessions, or leakage to other skills/processes if the environment is shared or insufficiently isolated.

Missing User Warnings

Medium
Confidence: 95%
Finding
The document instructs users to store a persistent authentication secret in a local file (`{baseDir}/user_key.txt`) and states it will be passed automatically on every tool call, but provides no guidance on file permissions, secure storage, rotation, or exposure risks. If the local workspace, logs, backups, or other skills/processes can read that file, the key could be stolen and used to impersonate the user against the booking system.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.
