Sea Route Navigation

Pass

Audited by ClawScan on May 12, 2026.

Overview

This skill appears to do what it says—generate maritime route waypoints and an HTML map—with ordinary cautions about running a local script, fetching dependencies, and opening the generated map.

This skill is reasonable to install if you need route visualization. Run it only for routes you request, save the HTML map somewhere safe, be aware that opening the map may load external map resources, and avoid using untrusted text as route labels.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the skill may fetch or use third-party Python packages, which introduces normal dependency-supply-chain and reproducibility considerations.

Why it was flagged

The script relies on runtime Python dependencies with lower-bound version ranges rather than pinned exact versions, so future package updates could change behavior.

Skill content

# dependencies = ["searoute>=1.5.0", "folium>=0.18.0"]

Recommendation

Use trusted package sources and consider pinning exact dependency versions if this skill is used in sensitive or repeatable workflows.

What this means

A careless output path could replace an existing local file with the generated map.

Why it was flagged

The script writes the generated HTML map to the supplied output path, which is expected for this skill but can overwrite files if an unsafe path is chosen.

Skill content

parser.add_argument("--output", default="./sea_route_map.html") ... m.save(args.output)

Recommendation

Save maps to a dedicated, non-sensitive filename and avoid protected or important paths.

What this means

If a route label came from untrusted input, it could affect the generated HTML page when opened in a browser.

Why it was flagged

Route display names are embedded into browser-rendered HTML. This is expected for the map, but names from untrusted text should be handled carefully before opening or sharing the file.

Skill content

info_html = f""" ... ⚓ {args.origin_name} → {args.dest_name} ... """

Recommendation

Use plain port names, avoid opening maps generated from untrusted labels, and preferably HTML-escape display names in the script.

What this means

Opening the HTML map may contact external map services and reveal the general route area being viewed.

Why it was flagged

The generated map uses an external map tile provider when opened. This is normal for interactive maps, but it can disclose map-view requests to third-party map infrastructure.

Skill content

folium.Map(location=[mid_lat, mid_lon], zoom_start=5, tiles="CartoDB positron")

Recommendation

Avoid opening or sharing the interactive map for sensitive routes unless external tile loading is acceptable, or modify the map to use offline/local tiles.