travel-search

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes a bash script scripts/mcp-call.sh to facilitate communication with MCP travel servers using curl. This script handles session management and JSON-RPC payloads as part of its core travel search functionality.
  • [EXTERNAL_DOWNLOADS]: For Google Flights integration, the documentation references the installation of the flights (fli) Python library (pipx install flights). This is a third-party dependency required for that specific feature.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes and presents data retrieved from external travel APIs (Kiwi, Skiplagged, Trivago, and Ferryhopper).
      • Ingestion points: Tool outputs from curl calls to travel provider endpoints defined in flights.md, skiplagged.md, and others.
      • Boundary markers: None present; the skill does not explicitly prompt the agent to ignore instructions that might be embedded in the travel data.
      • Capability inventory: The skill uses curl for network requests and executes a local shell script (mcp-call.sh).
      • Sanitization: No explicit sanitization or validation of the JSON content returned from external travel providers is mentioned.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 08:18 AM