Maps

Security checks across malware telemetry and agentic risk

Overview

This instruction-only maps skill is coherent, but it can send location details to map providers and keep local recurring-place notes when the user approves.

This skill appears safe to install for map planning if you are comfortable approving live provider calls and maintaining local map notes. Before use, decide whether you want planning-only behavior or live API/link execution, restrict any API keys you provide, and keep ~/maps/ free of sensitive itineraries or location history.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Info
What this means

If you enable live paid provider calls, your API keys may be used and your provider quota or billing could be affected.

Why it was flagged

The skill may use map-provider credentials for live paid APIs, but this is disclosed, user-approved, and aligned with the mapping purpose.

Skill content

Live Google Maps, Mapbox, HERE, or other paid API calls need user-approved credentials.

Recommendation

Use restricted, least-privilege provider keys where possible and approve live paid calls only when needed.

ASI06: Memory and Context Poisoning
Low
What this means

Saved map preferences or recurring places could reveal sensitive routines or locations if the local ~/maps/ files are exposed or reused unexpectedly.

Why it was flagged

The skill can persist recurring location context locally, which may be sensitive, but it instructs the agent to ask before storing that information.

Skill content

If the user shares recurring home, office, or travel hubs, ask whether local notes are acceptable before storing them.

Recommendation

Review the ~/maps/ files periodically, store only minimal reusable context, and avoid saving sensitive routes or location history.

ASI07: Insecure Inter-Agent Communication
Low
What this means

Addresses, routes, or itinerary details may be shared with third-party map services when live lookups are approved.

Why it was flagged

The skill may transmit location or itinerary data to external map providers, but it explicitly requires confirmation for sensitive data.

Skill content

Confirm before sending sensitive origin, destination, or itinerary data to a live provider.

Recommendation

Confirm the provider and data being sent before live map requests, especially for home addresses, medical visits, client sites, or private travel plans.