Idealista

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: idealista
Version: 0.1.0

The skill bundle is benign. It provides instructions to install the `idealista-cli` tool via `git clone` from a specified GitHub repository (https://github.com/quifago/idealista-cli) and then use it to query the Idealista API. API credentials are handled securely via environment variables or a local configuration file. All commands and instructions in `SKILL.md` are directly related to the stated purpose and show no evidence of data exfiltration, malicious execution, persistence, obfuscation, or prompt injection attempts against the agent.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If you install or update that CLI, you are trusting code outside this skill review.

Why it was flagged

The skill relies on an external CLI hosted on GitHub that is not included in the provided artifact set and is not pinned to a specific commit or release.

Skill content

"install": [{"id": "git", "kind": "git", "label": "Install idealista-cli (git clone)", "url": "https://github.com/quifago/idealista-cli"}]

Recommendation

Install idealista-cli only from a trusted source, review the repository or release, and pin a known version where possible.

What this means

Anyone who can read the environment variables or config file could use the Idealista API credentials and consume API access or quota.

Why it was flagged

The skill requires Idealista OAuth client credentials and documents a command that can persist them locally. This is expected for the stated API integration, but it is still account/API access material.

Skill content

IDEALISTA_API_KEY = client_id; IDEALISTA_API_SECRET = client_secret ... python3 -m idealista_cli config set --api-key "<CLIENT_ID>" --api-secret "<CLIENT_SECRET>"

Recommendation

Use dedicated Idealista credentials, keep the config file private, avoid committing secrets, and rotate the key if it may have been exposed.

What this means

Search locations and property preferences may be shared with Idealista as part of normal API use.

Why it was flagged

The documented searches send location and housing-search criteria to the external Idealista API through the CLI. This is disclosed and central to the skill purpose.

Skill content

python3 -m idealista_cli search --center "39.594,-0.458" --distance 5000 --operation sale --property-type homes

Recommendation

Only run searches with locations or criteria you are comfortable sending to Idealista, and review the provider's API privacy and terms if needed.