Google SERP Maps Search API

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward wrapper for a Just Serp API Google Maps search endpoint, with the main risk being that search and location parameters are sent to that third-party service.

Install only if you are comfortable sending Google Maps search terms, optional GPS coordinates, place IDs, and localization parameters to Just Serp API using your API key. Avoid submitting sensitive personal locations or confidential business searches unless that third-party handling is acceptable for your use case.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 91%
Finding
The manifest explicitly defines transmission of user-provided search queries, GPS coordinates, localization settings, and place identifiers to a third-party API, but it does not warn users that potentially sensitive location and intent data will leave the local system. This creates a privacy and consent risk, especially because map searches can reveal precise whereabouts, affiliations, or business intelligence interests.

VirusTotal

64/64 vendors flagged this skill as clean.
