ClawHub

Broadbandmap Cell Coverage Skill

Security checks across malware telemetry and agentic risk

Overview

This skill performs the advertised cell coverage lookup, but users should understand that locations are sent to external map and coverage services.

Install if you are comfortable sending queried addresses or precise coordinates to OpenStreetMap Nominatim and the configured coverage API. Avoid using home or sensitive locations unless needed, prefer trusted HTTPS endpoints, and use a limited-purpose BroadbandMap API key if authentication is required.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill supports address geocoding and coverage queries via external services, but it does not warn users that entered addresses, coordinates, and possibly API-derived metadata will be transmitted off-platform. Because location data is sensitive, lack of notice and consent can expose users to privacy harm and violate platform expectations even if the external APIs are legitimate.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script sends user-supplied addresses to Nominatim for geocoding and precise latitude/longitude to a third-party coverage API, but the code provides no notice, consent flow, or minimization before transmitting that location data. In a skill context, users may reasonably expect a coverage lookup, but precise location is still sensitive data and silent disclosure to external services creates a real privacy risk if users are unaware or if the endpoint is reconfigured.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal