ClawHub

Mapbox Web Integration Patterns

v1.0.0

Official integration patterns for Mapbox GL JS across popular web frameworks (React, Vue, Svelte, Angular). Covers setup, lifecycle management, token handlin...

0· 40·0 current·0 all-time
by@mapbox
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Mapbox GL JS integration patterns) align with the provided files: guides, framework-specific examples, and token-management guidance. Nothing in the manifest or content requests unrelated capabilities (no cloud creds, no system binaries).
Instruction Scope
SKILL.md and the reference files only contain guidance and example code snippets for initializing Mapbox maps, lifecycle cleanup, SSR handling, and token-management patterns. Examples reference environment variables for tokens (Vite/Next.js/CRA), but the skill does not instruct reading system files or sending data to unexpected endpoints. External URLs are Mapbox CDN/documentation links, expected for this purpose.
Install Mechanism
There is no install specification and no code files that would be executed; this is instruction-only, which is the lowest-risk install profile for a documentation skill.
Credentials
The skill declares no required environment variables or credentials. Example code references standard client-side env var names (VITE_MAPBOX_ACCESS_TOKEN, NEXT_PUBLIC_MAPBOX_TOKEN, REACT_APP_MAPBOX_TOKEN) — appropriate and proportionate for Mapbox usage. There are no requests for unrelated secrets or multiple unrelated credentials.
Persistence & Privilege
The skill is not always-enabled (always: false) and does not request persistence or modify other skills. Default autonomous invocation is allowed but not combined with other risky properties.
Assessment
This skill is coherently documented and low-risk because it's instruction-only and asks for nothing from your system. Before installing, verify the skill source (homepage is missing) if you require official Mapbox provenance; do not paste or commit your secret access tokens into source code — follow the provided guidance to use environment variables and public client tokens (pk.*) for client-side apps. If you plan to copy examples into production, pin library versions and ensure you use server-side tokens for privileged operations (and rotate tokens if they are exposed).

Like a lobster shell, security has layers — review code before you run it.

latestvk977a45bm5kayfy7w21m7g77gd83ycvp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments