Vanio AI

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Vanio vacation-rental connector, but it needs review because it can affect bookings, guest messages, payments, and door locks through broad natural-language commands while storing an API key locally.

Install only if you trust Vanio with your rental operations and connected platform data. Prefer using VANIO_API_KEY instead of saving a key on shared machines, rotate keys if exposed, and require human review before charges, refunds, cancellations, guest messages, smart-lock actions, or broad automation changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 84%
Finding:
The skill declares powerful operational capabilities via an external CLI that uses environment secrets and network access, but it does not declare explicit permissions or guardrails for those capabilities. In a skill that can message guests, unlock doors, charge or refund payments, and modify reservations, missing permission disclosure increases the chance of unsafe agent use and weakens user awareness and policy enforcement.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 89%
Finding:
The skill markets itself as a direct connector to Airbnb, Booking.com, and VRBO, but the documented behavior is a generic brokered chat/CLI interface to Vanio with local credential storage and configurable API endpoints. That mismatch can mislead users about trust boundaries, what system is actually performing actions, and where sensitive data or commands are sent, which is especially risky for payments, lock control, and guest communications.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding:
The skill relies on broad natural-language commands and says the agent automatically determines which tools to use, while exposing high-impact actions like unlocking doors, charging guests, refunds, cancellations, and sending messages. Ambiguous prompts or prompt injection from untrusted content could therefore trigger unintended real-world actions against reservations, payments, or physical access systems.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The skill advertises numerous sensitive and destructive capabilities without prominent warnings about operational, financial, privacy, or physical-security consequences. In this context, omissions are dangerous because users may authorize an autonomous agent to send messages, manipulate bookings, process payments, or control smart locks without understanding the risks or need for human review.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The CLI persists the API key in plaintext under ~/.config/vanio/config.json via the direct login path and browser login flow, and the help text does not clearly warn users that credentials will be stored locally. This increases the risk of credential exposure to other local processes, backups, shared accounts, or accidental disclosure, especially since the tool manages reservation, guest, payment, and property operations.

Session Persistence

Severity: Medium
Category: Rogue Agent
Content:
# Vanio AI — Connect Your Agent to Airbnb, Booking.com & VRBO

**[Vanio AI](https://www.vanio.ai)** is an AI property manager that lets you run your vacation rental portfolio fully autonomously. Connect to Airbnb, Booking.com, and VRBO, create your own direct booking website, and manage everything — guest communication, smart locks, payments, cleaning teams, and more — all powered by AI.

This skill is the **only way to connect your OpenClaw agent to Airbnb and Booking.com**. It gives your agent access to Vanio's full AI system — 140 tools across every aspect of property management.
Confidence: 78%
Finding:
create your own direct booking website, and manage everything — guest communication, smart locks, payments, cleaning teams, and more — all powered by AI. This skill is the **only way to connect your

VirusTotal

64/64 vendors flagged this skill as clean.
