Dataify Google Maps

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Dataify Google Maps API helper that requires user confirmation before sending map-search parameters and a token to Dataify.

Install this only if you intend to use Dataify for Google Maps lookups. Review the confirmation table carefully before approving calls, avoid sending sensitive home/work locations unless necessary, and prefer `DATAIFY_API_TOKEN` over passing tokens on the command line.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 79% confidence
Finding: The trigger description is broad enough to activate on common map-related conversation, which can cause the skill to run in contexts the user did not clearly intend. In this skill, unintended activation is more concerning because the workflow collects parameters and can lead to real external API calls if the conversation continues, creating risk of unnecessary data disclosure or action confusion.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal