Back to skill

Security audit

Google Maps

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Google Maps skill that uses ClawLink as a disclosed broker, but users should treat precise location and WiFi/cell geolocation requests as sensitive.

Install only if you are comfortable using ClawLink as the broker for Google Maps requests and credentials. Avoid using current-location, WiFi, or cell-tower based geolocation unless you intentionally want that location signal sent through the integration path, and review the ClawLink plugin before approving the local install and allowlist changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The skill is presented as a Google Maps/Places integration, but it instructs the agent to install and trust a separate ClawLink plugin, modify the local allowlist, and restart the gateway. That expands the attack surface beyond the declared skill scope and could enable execution of additional brokered tools or code paths the user did not intend to trust when selecting a maps lookup skill.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The troubleshooting section again instructs local configuration edits and service restarts unrelated to ordinary Maps API usage. Even if framed as support steps, these actions can normalize privilege-expanding behavior and cause the agent or user to alter trusted runtime settings for a skill that should only perform remote map queries.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The security section claims access is limited to location and routing data, but the documented toolset includes device geolocation from cell towers/WiFi and static map generation, which are broader and more privacy-sensitive capabilities. This mismatch can mislead users and reviewers about what data may be collected, inferred, or transmitted.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill encourages users to submit addresses, coordinates, routes, and nearby-search queries to Google Maps through ClawLink without clearly disclosing that this data is transmitted to external services. Because location data is often sensitive, the omission weakens informed consent and increases privacy risk, especially for precise addresses or inferred device location requests.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.