ClawHub

Get My Location

v1.1.0

Get current IP location info (country, province, city, coordinates) with multi-source fallback. No API key required.

0· 59·0 current·0 all-time
by@etmnb
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (get current IP geolocation with multi-source fallback) matches the included code and SKILL.md. All network calls are to the listed public geolocation providers (freegeoip.app / api.ipbase.com / ip-api.com). No unrelated binaries, environment variables, or privileged accesses are requested.
Instruction Scope
SKILL.md tells the agent to run the included Python script, and the script only reads argv/encoding and performs HTTP(S) GET requests to the three listed services. This is in-scope. Note: one fallback (ip-api.com) is queried over plain HTTP in the script (http://ip-api.com/...), which exposes queries to network eavesdropping or MITM; all queries reveal the requester IP to the remote services (expected for geolocation).
Install Mechanism
No install spec (instruction-only with a small bundled Python script). No downloads, package installs, or archives. Low installation risk.
Credentials
The skill declares no required environment variables, credentials, or config paths and the code does not read secrets or environment variables. The absence of credentials is appropriate for public geolocation APIs.
Persistence & Privilege
always is false and the skill does not attempt to modify agent/system configuration or other skills. Normal autonomous invocation is allowed (platform default).
Assessment
This skill is internally consistent and small, but it performs outbound network requests to public geolocation services (freegeoip.app / api.ipbase.com / ip-api.com). Consider the privacy implications: those services will see your IP and the queried IPs. Note the script queries ip-api.com over HTTP (not HTTPS), which could be visible to network eavesdroppers or altered via MITM—if that matters, update the script to use HTTPS endpoints or remove that fallback. There are no requested credentials or hidden endpoints. If you need stronger privacy, run it locally on a trusted network or behind a VPN, or inspect/modify the script before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk972hmnysk8a07fts31cvqfern846vdk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments