Trust Assessment
airbnb-search received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Hardcoded API Key.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Hardcoded API Key: The skill hardcodes an Airbnb API key directly in the source code. While the skill's documentation states 'No API key needed' and this might be a public-facing key, hardcoding any API key is a security anti-pattern. It exposes the key to anyone with access to the code, making it vulnerable to abuse such as rate limit exhaustion or unauthorized access if the key has broader permissions than intended. Best practice is to manage API keys securely, for example, via environment variables or a dedicated secrets management system. Remove the hardcoded API key. If the key is truly public and required, consider if it can be embedded in a less discoverable way or if the API truly requires a key for public access. If it's a private key, it should be loaded from environment variables or a secure secrets store at runtime. | LLM | airbnb_search/search.py:8 |