Mapbox Search Integration
v1.0.0Complete workflow for implementing Mapbox search in applications - from discovery questions to production-ready integration with best practices
⭐ 0· 43·0 current·0 all-time
by@mapbox
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (Mapbox Search integration) matches the contents: extensive discovery questions, product selection guidance, platform-specific SDK examples, and best practices for debouncing, session tokens, caching, error handling, testing, and monitoring. Nothing in the files requires unrelated capabilities (no cloud providers, no extra binaries, no unrelated credentials).
Instruction Scope
The SKILL.md and reference docs contain concrete code samples that instruct the developer to use Mapbox SDKs or direct API calls. Those instructions are narrowly scoped to implementing search UX and backend endpoints. One minor inconsistency: several examples reference environment variables (e.g., process.env.MAPBOX_TOKEN) and analytics.track calls even though the skill's metadata declares no required env vars; the docs also include direct API examples (fetch) which properly warn about debouncing/session tokens. There are sample analytics tracking calls (monitoring) but no concrete external analytics endpoint is embedded — they're illustrative code only.
Install Mechanism
No install spec and no code files that execute on install — this is instruction-only content. References to npm/Gradle/SPM packages are normal for SDK usage and are appropriate for the described integrations.
Credentials
The skill metadata declares no required environment variables or credentials, yet many examples show using a Mapbox access token (e.g., YOUR_MAPBOX_TOKEN, process.env.MAPBOX_TOKEN). This is expected for a Mapbox integration, but the documentation does not itself request or store credentials. Users should supply tokens only in appropriate server-side env vars or use properly scoped/public tokens for client usage (the docs explicitly warn against using secret sk.* tokens client-side).
Persistence & Privilege
Skill flags show no elevated persistence (always:false), and there is no installation step that would modify agent/system configuration. The skill is user-invocable and can be used autonomously by the agent (default), which is expected behavior for an instruction skill.
Assessment
This skill is a documentation-style, instruction-only guide for implementing Mapbox Search and appears coherent with that purpose. It does not itself request credentials or install code. Before using examples in production: (1) never embed secret Mapbox tokens (sk.*) in client-side code — use restricted, URL-limited public tokens or proxy requests through a server; (2) follow the guide's advice on session tokens and debouncing to avoid unexpected billing; (3) review any analytics/monitoring snippets to ensure you are not sending telemetry to unknown endpoints; and (4) when copying code, replace placeholder tokens with properly scoped environment variables stored securely on the server or as restricted client tokens. If you want an automated install or code that runs inside your agent, request a skill version that includes an install spec and explicit env requirements so you can review them first.Like a lobster shell, security has layers — review code before you run it.
latestvk97ezrcb9f4h8w6z8h7v7wxk6h83ytca
License
MIT-0
Free to use, modify, and redistribute. No attribution required.