Airbnb Search
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: airbnb-search Version: 0.1.4 The OpenClaw skill 'airbnb-search' is benign. Its primary function is to search Airbnb listings using their public frontend API, which is clearly stated and implemented in `airbnb_search/search.py`. The code uses standard Python libraries (`requests`, `argparse`), handles input safely, and does not exhibit any signs of data exfiltration, unauthorized execution, persistence mechanisms, or prompt injection attempts in `SKILL.md` or `AGENTS.md`. The hardcoded API key is explicitly noted as a public key used by Airbnb's website, not a sensitive credential.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your destination, dates, price filters, and related search options may be sent to Airbnb to retrieve results.
The skill makes a direct external API request to Airbnb using the user's search parameters. This is expected for an Airbnb search tool, but users should know their search terms and travel filters are sent to Airbnb.
API_URL = 'https://www.airbnb.com/api/v3/ExploreSearch' ... response = requests.get(full_url, headers=headers)
Use it for searches you are comfortable sending to Airbnb, and keep searches user-directed.
The tool does not need your Airbnb account credentials, but it relies on a public Airbnb API key that may change or be rate-limited.
The skill discloses that it uses a hardcoded Airbnb frontend API key rather than a user-provided credential. The code does not show user account login, cookies, or authenticated account actions.
No user API key needed — uses Airbnb's public frontend API key (hardcoded, same key used by airbnb.com in the browser)
Do not provide personal Airbnb credentials to this skill; expect it to work only as long as Airbnb's public frontend API behavior remains compatible.
Running the example may download Python package dependencies from package repositories.
The documented quick-run path uses package tooling to resolve a dependency at runtime. This is a normal setup pattern for a Python CLI, but it depends on package-source trust and version resolution.
`requests` library (auto-installed via `uv run --with`)
Install from trusted PyPI/GitHub sources, and pin versions or use a lockfile if using this in repeatable or sensitive workflows.