Mapbox MCP Runtime Patterns

Security checks across malware telemetry and agentic risk

Overview

This skill is a mostly coherent Mapbox integration guide, but users should review it because some examples can send precise location data to hosted Mapbox services while describing tools as offline or no-cost.

Review before installing or copying into production. Treat coordinates, addresses, home/work locations, commute searches, and route queries as sensitive data that may be sent to Mapbox and possibly an LLM provider. Use scoped Mapbox tokens, avoid logging Authorization headers or prompts containing exact locations, disclose third-party processing to users, and disable broad agent base tools unless they are needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (15)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding
The skill describes capabilities that require environment variables, MCP connectivity, and outbound network access, but it does not declare those permissions or otherwise constrain them. In agent ecosystems, undeclared capabilities reduce transparency and can lead to tools being invoked with broader access than a user or platform expects, especially when API tokens and remote MCP endpoints are involved.

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The tool description tells the agent and downstream developers that distance calculation works offline with no API cost, but the implementation actually sends coordinates to the remote Mapbox MCP service. This is dangerous because users or agent workflows may route sensitive location data under a false privacy/cost assumption, causing unintended external disclosure and policy noncompliance.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The tool description states the distance calculation works offline and has no API cost, but the implementation actually sends coordinates to the remote Mapbox MCP service. This is a security-relevant integrity issue because it can mislead developers and users into disclosing location data and incurring network/API usage when they believe no remote call occurs.

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The tool description explicitly says the distance calculation is "offline, instant," but the implementation sends coordinates to the remote Mapbox MCP endpoint via call_tool(). This is dangerous because developers or users may rely on the description for privacy-sensitive use cases and unknowingly transmit location data off-device.

Missing User Warnings

Low
Confidence: 87%
Finding
The skill instructs users to send a Mapbox access token in an Authorization header and to store it in an environment variable, but it does not warn about secret handling, logging exposure, scope minimization, or the privacy implications of transmitting location-related requests to a third party. While bearer-token authentication is normal, omission of credential-safety guidance in a security-relevant integration skill increases the risk of accidental token leakage or misuse.

Missing User Warnings

Medium
Confidence: 89%
Finding
The code sends user-provided coordinates and task-derived geospatial data to a hosted Mapbox MCP endpoint, but the tool call sites do not provide any explicit disclosure, consent, or privacy boundary to users. In an AI-agent setting, this increases the chance that sensitive location data is silently exfiltrated to a third party during normal tool use.

Missing User Warnings

Medium
Confidence: 84%
Finding
The code sends precise user-provided coordinates to an external Mapbox MCP endpoint, but the example does not disclose this at runtime or in tool-level descriptions presented to users. In an agent setting, this can lead to unintentional sharing of sensitive location data, especially because users may assume requests are handled locally by the agent or application.

Missing User Warnings

Medium
Confidence: 90%
Finding
The example sends user-supplied geospatial queries and coordinates to the external Mapbox MCP endpoint, but the code provides no explicit notice, consent flow, or privacy guard before transmitting potentially sensitive location data. In an AI agent context, users may not realize that precise home, work, or travel locations are being forwarded to a third-party service, which creates privacy and compliance risk even if the integration is expected behavior.

Missing User Warnings

Medium
Confidence: 88%
Finding
User-supplied location data is transmitted to a hosted third-party endpoint without any explicit privacy notice in the example. In an agent setting, location data can be sensitive, and silent transmission increases the risk of privacy violations, unexpected data processing, and noncompliance with organizational or regulatory requirements.

Missing User Warnings

Medium
Confidence: 88%
Finding
The example sends precise user location data and query-derived inputs to a third-party remote MCP server without any disclosure, consent flow, or data-classification guidance. In location-sensitive applications such as real estate, commute analysis, or nearby search, this can expose sensitive movement patterns or personal context to an external service unexpectedly.

Missing User Warnings

Medium
Confidence: 88%
Finding
The example sends authorization credentials and user-provided geospatial queries, including precise coordinates, to a third-party remote MCP endpoint over the network without any disclosure, consent, or guidance on data handling. In an AI agent context, users may assume the assistant is processing requests locally, so silently forwarding sensitive location data can create privacy, compliance, and trust risks.

Missing User Warnings

Medium
Confidence: 78%
Finding
The self-hosted example launches a local command (`npx @mapbox/mcp-server`) without clearly warning the reader that adopting this pattern causes local code execution and dependency resolution through Node tooling. In an agent-integration skill, users may copy this verbatim, and `npx` introduces supply-chain and execution risk if packages are unpinned or the environment is not trusted.

Missing User Warnings

Medium
Confidence: 88%
Finding
The example sends precise geolocation data, including user-supplied coordinates and POI searches, to https://mcp.mapbox.com/mcp without any user-facing warning, consent flow, or data-minimization guidance. In an agent context, this can normalize silent exfiltration of sensitive location data to a third party, increasing privacy and compliance risk.

Missing User Warnings

Medium
Confidence: 94%
Finding
The property-search example processes combined home/property locations and work location, which can reveal highly sensitive lifestyle and commuting patterns when sent to a remote service through the agent tools. Inference of home/work relationships materially increases privacy risk beyond ordinary map lookups, especially if used in production without notice or consent.

Missing User Warnings

Medium
Confidence: 88%
Finding
The example code transmits exact home/work/property coordinates to external Mapbox MCP tools without showing any consent flow, minimization, or privacy disclosure. In location-sensitive applications such as real estate and commuting analysis, this can expose highly sensitive user movement patterns and residential/work addresses if adopted directly by developers.

VirusTotal

64/64 vendors flagged this skill as clean.
