geocode
PassAudited by ClawScan on May 1, 2026.
Overview
This is a straightforward reverse-geocoding skill that sends provided coordinates to a disclosed geocoding endpoint and does not request credentials or persist data.
This skill appears safe for normal interactive reverse-geocoding use. Before installing, note that each lookup sends the coordinates to geocode.com.cn unless GEOCODE_BASE_URL is configured to another trusted endpoint.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The geocoding provider can see the coordinates being looked up and the configured User-Agent.
The script sends the supplied latitude and longitude to the configured geocoding provider. This is disclosed and necessary for the skill, but it is still an external data flow involving location data.
base_url="${GEOCODE_BASE_URL:-https://geocode.com.cn}" ... --data "lat=$latitude" ... --data "lon=$longitude"Use this skill only for coordinates you are comfortable sending to the configured provider; use a trusted self-hosted endpoint via GEOCODE_BASE_URL for sensitive locations.