Mapbox Store Locator Patterns
v1.0.0Common patterns for building store locators, restaurant finders, and location-based search applications with Mapbox. Covers marker display, filtering, distan...
⭐ 0· 41·0 current·0 all-time
by@mapbox
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description match the actual content: maps, markers, filtering, distance, geolocation, and directions. Required libraries mentioned (@turf/turf, mapbox-gl) are appropriate for these tasks and nothing unrelated is requested.
Instruction Scope
The SKILL.md stays within the stated purpose (map display, filtering, distance, directions). It instructs use of navigator.geolocation (user device location) and Mapbox APIs (requiring an access token) which are expected for a store-locator but are sensitive: the skill shows examples that would access the user's location and call Mapbox Directions API from client code. There are no instructions to read unrelated system files or exfiltrate data, but consumers should be aware of the privacy implications of using navigator.geolocation and embedding API tokens in client-side code.
Install Mechanism
This is instruction-only with no install spec or downloaded code. The SKILL.md recommends installing mapbox-gl and @turf/turf via npm — that is standard and proportional. Nothing is downloaded from arbitrary URLs or written to disk by the skill itself.
Credentials
The skill examples require a Mapbox access token (mapboxgl.accessToken) and use client-side geolocation, but the skill metadata declares no required environment variables. This is not harmful but is a minor mismatch: users must still supply a Mapbox token and be careful not to expose it in public client builds. No unrelated credentials or config paths are requested.
Persistence & Privilege
always:false and no install spec mean the skill does not request permanent presence or elevated privileges. It does not attempt to modify other skills or system settings.
Assessment
This skill is a coherent recipe for building Mapbox-based store locators. Before using it: (1) obtain a Mapbox access token and avoid embedding it in public client bundles—prefer a server-side proxy for sensitive requests or token-scoped usage; (2) note the examples use navigator.geolocation, which requires explicit user permission and has privacy implications—only request location when needed and explain why; (3) examples fetch directions using the Mapbox Directions API with the access token in the URL—consider server-side calls to avoid exposing the token and to manage rate limits/billing; (4) the SKILL.md recommends npm packages (mapbox-gl, @turf/turf) which you should vet and install yourself; and (5) if any example endpoints (e.g., /api/stores) are present in your app, ensure they are trusted and properly secured. If you need the skill to store or use secrets automatically, ask the author to declare required env vars and a secure install mechanism.Like a lobster shell, security has layers — review code before you run it.
latestvk97b8g5y5bkq9xyem5darve34d83yv9q
License
MIT-0
Free to use, modify, and redistribute. No attribution required.