Back to skill

Security audit

Maps Cli

Security checks across malware telemetry and agentic risk

Overview

Maps Cli is a disclosed OpenStreetMap command-line tool, with privacy and CI-use cautions but no evidence of hidden persistence, credential access, or destructive behavior.

Install only if you are comfortable running a downloaded Python CLI and sending searched addresses, coordinates, routes, and POI areas to public OSM-related services. Avoid using sensitive locations unless that disclosure is acceptable. Do not use the included CI verifier on untrusted submissions unless it runs in an isolated sandbox with no secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def has_self_test(fp):
    r = subprocess.run([sys.executable, fp, "self-test"], capture_output=True, text=True, timeout=30)
    return r.returncode == 0 and "PASS" in r.stdout
Confidence
98% confidence
Finding
r = subprocess.run([sys.executable, fp, "self-test"], capture_output=True, text=True, timeout=30)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
tests = [os.path.join(folder, f) for f in os.listdir(folder)
                 if (f.startswith("test_") or f.endswith("_test.py")) and f.endswith(".py")]
        if tests:
            st_ok = all(subprocess.run([sys.executable, t], capture_output=True, text=True,
                                      timeout=30).returncode == 0 for t in tests)
            st_note = f"{len(tests)} test_*.py"
        elif re.search(r"(?im)^test\s*:", skill_txt):
Confidence
98% confidence
Finding
st_ok = all(subprocess.run([sys.executable, t], capture_output=True, text=True, timeout=30).returncode == 0 for t in tests)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The script presents itself as performing a security check, but it also executes untrusted product code as part of verification. This creates a dangerous trust mismatch: operators may believe the tool is safely vetting content while it actually expands the attack surface and can run malicious payloads during CI.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly states that the tool performs live OpenStreetMap queries, but it does not clearly warn users that addresses, coordinates, and POI searches are transmitted to external third-party services such as Nominatim and OSRM. In an agent or automation context, this can lead to unintended disclosure of sensitive location data, especially when users assume the tool is purely local because it is a self-contained script with no installation requirements.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly states elsewhere that it queries OpenStreetMap services live, but the core description does not clearly warn users that addresses, coordinates, and POI searches are transmitted to external third-party map providers. In agent or automation contexts, this can lead to unintentional disclosure of sensitive location data, operational routes, or user-entered addresses to external services without informed consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.