Broadbandmap Cell Coverage Skill
Analysis
This is a straightforward cell-coverage lookup skill, but users should know it sends addresses or coordinates to external map/coverage APIs and can use an optional API key.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.
If your target API differs, pass `--base-url`, `--endpoint`, and `--param-lat/--param-lon`.
The API target is configurable. That flexibility is disclosed and purpose-aligned, but it means the user or agent can direct requests to non-default hosts.
Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.
p.add_argument("--api-key", default=os.getenv("BROADBANDMAP_API_KEY")) ... headers["Authorization"] = f"Bearer {args.api_key}" ... headers["x-api-key"] = args.api_keyThe script can read an optional API key from an argument or environment variable and send it as authentication to the selected API host.
Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.
url = f"https://nominatim.openstreetmap.org/search?{q}" ... url = f"{base}{endpoint}?{query}"The script sends address searches to OpenStreetMap Nominatim and sends latitude/longitude query parameters to the configured coverage API.