Back to skill

Security audit

Airbnb Search

Security checks across malware telemetry and agentic risk

Overview

This is a narrow Airbnb search tool that sends user-directed travel search details to Airbnb and does not show hidden access, persistence, or destructive behavior.

Reasonable to install for read-only Airbnb searches. Use it only for travel searches you are comfortable sending to Airbnb, do not provide Airbnb login credentials or cookies, and prefer repeatable installs with current patched dependencies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill clearly performs outbound network access to Airbnb, but the manifest does not declare any permissions. This creates a transparency and policy-enforcement gap: users or hosting platforms may not realize the skill can contact external services, send user-supplied queries and dates off-box, or be subject to remote content and tracking behavior.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The README explicitly promotes direct Airbnb API usage but does not disclose that user-entered destinations, dates, and pricing filters are transmitted to Airbnb. In an agent-skill context, users may assume a local search capability, so the missing privacy notice can lead to unintentional disclosure of travel plans and preferences to a third party.

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
97% confidence
Finding
requests

Known Vulnerable Dependency: pytest — 2 advisory(ies): CVE-2025-71176 (pytest has vulnerable tmpdir handling); CVE-2025-71176 (pytest has vulnerable tmpdir handling)

High
Category
Supply Chain
Confidence
84% confidence
Finding
pytest

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.