Back to skill
Skillv3.1.0
VirusTotal security
Zillow × Airbnb Matcher · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:13 AM
- Hash
- 825ba05bd9abc052472c37b6209ab575da71293ffdea42d239225c435d3585b7
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: zillow-airbnb-matcher Version: 3.1.0 The skill bundle appears benign. It is designed to cross-reference Zillow and Airbnb listings using RapidAPI, requiring a user-provided API key stored in a local `.env` file. All network calls are directed to legitimate RapidAPI endpoints as described in the documentation. There is no evidence of data exfiltration to unauthorized destinations, malicious execution, persistence mechanisms, obfuscation, or prompt injection attempts against the OpenClaw agent. A minor shell injection vulnerability exists in `scripts/install.sh` due to unsanitized use of `RAPIDAPI_KEY` in `sed` and `echo` commands, but this is a flaw in input handling rather than an indicator of intentional malice, especially given the expected alphanumeric nature of an API key.
- External report
- View on VirusTotal