Google Maps Scraper

Security checks across malware telemetry and agentic risk

Overview

This skill clearly does what it says: it uses a third-party Google Maps scraping API to collect business lead data, with user confirmation before paid searches.

Before installing, consider whether your intended use of scraped business contact data complies with Google Maps terms, privacy laws, anti-spam rules, and your own retention/security practices. Protect exported CSV files and avoid collecting or using more contact data than you actually need.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The skill explicitly facilitates collection and export of business contact data, including emails, phone numbers, reviews, and CSV downloads, but provides no guidance on lawful use, retention, consent, or secure handling. While the data targets businesses rather than obvious secrets, the workflow enables lead harvesting and downstream outreach, which creates privacy, compliance, and misuse risk if users store or process the data improperly.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal