hkroute

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This appears to be a coherent Hong Kong transit-routing skill that uses a Google Maps API key and public ETA data for its stated purpose, with some normal credential, cache, and dependency considerations.

This skill is reasonable to install if you trust the package source and need Hong Kong transit routing. Provide a restricted Google Maps Directions API key, remember that route locations are sent to Google and public/operator ETA services, and be aware that it writes a small public ETA cache under ~/.cache/hk-route.

Static analysis

Env credential access

Severity: Critical
Finding: Environment variable access combined with network send.

Exposed secret literal

Severity: Critical
Finding: File appears to expose a hardcoded API secret or token.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Severity: Low
What this means

Your Google Maps key may be used for route queries and may consume quota or billing; the route origin and destination are sent to Google for directions.

Why it was flagged

The skill reads a Google Maps API key from the environment and uses it for route lookup, which is disclosed and central to the stated purpose.

Skill content
const apiKey = process.env.GOOGLE_MAPS_API_KEY; ... getDirections(qualifyLocation(origin), qualifyLocation(destination), apiKey, departureDate);
Recommendation

Use a restricted Google Maps API key limited to the Directions API where possible, and only query locations you are comfortable sending to Google.

ASI04: Agentic Supply Chain Vulnerabilities
Severity: Low
What this means

Rebuilding from source could pull dependency versions different from the reviewed bundle.

Why it was flagged

If a user rebuilds the bundled script, caret version ranges can resolve to newer dependency versions; no lockfile is included in the manifest.

Skill content
"dependencies": { "@googlemaps/google-maps-services-js": "^3.4.2", "hk-bus-eta": "^3.7.8" }, "devDependencies": { "esbuild": "^0.25.0" }
Recommendation

Prefer the reviewed bundled script, or use a lockfile/pinned dependency versions before rebuilding in higher-assurance environments.

ASI06: Memory and Context Poisoning
Severity: Info
What this means

The cache is not user query history, but if the local cache is corrupted or tampered with, route matching or ETA results could be inaccurate until refreshed.

Why it was flagged

The skill persists the public ETA database locally and reuses it for later route lookups.

Skill content
const CACHE_FILE = join(CACHE_DIR, "etaDb.json"); ... await writeFile(CACHE_FILE, JSON.stringify(db));
Recommendation

If results look wrong, delete ~/.cache/hk-route/etaDb.json to force a fresh public ETA database download.