Google Maps Export

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Google Maps export helper that uses a disclosed third-party scraping API and saves requested business contact data locally after confirmation.

Install only if you are comfortable using gmapsscraper.io, spending its credits, and storing exported business contact data locally. Review requested fields before confirming an export, especially email collection and CRM import use, and consider privacy, anti-spam, and local retention obligations for your jurisdiction and use case.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill sends business listing data, including harvested contact emails, to a third-party scraping service and then stores the resulting export locally, but it does not warn the user about the privacy, compliance, and data-handling implications. This can lead to users transmitting or retaining personal/business contact data without informed consent or awareness of applicable legal or policy restrictions.

Natural-Language Policy Violations

Low

Confidence: 68% confidence
Finding: The request hardcodes the export locale to English via the lang field without asking the user, which can change result quality, omit local-language data, or mis-handle international searches. This is not a direct security flaw, but it is a trust and correctness issue that can cause unintended data processing outcomes.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal