Google Maps

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Google Maps integration that uses Membrane for authentication and API access, with no evidence of hidden, destructive, or unrelated behavior.

Install only if you are comfortable adding the Membrane CLI, logging into Membrane, and connecting Google Maps access. Prefer the named actions over raw proxy requests, review authentication permissions, and avoid sending unnecessary sensitive addresses, coordinates, routes, or place searches.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The proxy section explicitly enables direct requests to Google Maps API paths but does not instruct the agent to obtain user confirmation, validate destinations/parameters, or warn about sending potentially sensitive location data to an external service. In a mapping context, arbitrary proxying can expose addresses, coordinates, travel routes, or place queries and bypass safer pre-built actions with tighter semantics.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal