Google Maps Api Skill
PassAudited by ClawScan on May 1, 2026.
Overview
The skill is a coherent Google Maps business-data scraper, but it uses a BrowserAct API key and sends search requests to an external BrowserAct workflow.
Install only if you are comfortable using BrowserAct for Google Maps data collection. Keep the API key protected, monitor account usage/costs, and require clear user approval for broad, recurring, or compliance-sensitive scraping tasks.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may start BrowserAct Google Maps scraping jobs for matching user tasks, potentially using account credits or collecting more data than intended.
The skill asks the agent to initiate an external scraping workflow and permits one automatic retry; this is disclosed and purpose-aligned, but it can consume API usage if invoked too broadly.
Agent should proactively trigger this skill... If the output does not contain "Invalid authorization" ... automatically try to re-execute the script once.
Use it for explicit, scoped searches, and require confirmation before broad, recurring, or high-volume data collection.
Anyone with access to that key may be able to use the associated BrowserAct account or consume its quota/credits.
The script reads a BrowserAct API key from the environment and uses it as a bearer token for BrowserAct workflow API requests.
api_key = os.getenv("BROWSERACT_API_KEY") ... headers = {"Authorization": f"Bearer {api_key}"}Set the key through an environment variable rather than pasting it into chat, use the least-privileged key available, and rotate it if exposed.
The main scraping workflow behavior depends on BrowserAct’s hosted template and service availability, not only on the local Python file.
The local code delegates the core automation to a provider-hosted BrowserAct workflow template, so users are trusting that external template as part of the skill behavior.
TEMPLATE_ID = "77577579210625331" API_BASE_URL = "https://api.browseract.com/v2/workflow"
Verify that the BrowserAct template and account are trusted, and monitor provider-side workflow changes or usage.
Search keywords, country/language parameters, and workflow results are processed by BrowserAct.
The script sends the user’s search parameters to BrowserAct and later retrieves the resulting data from the same external service.
requests.post(f"{API_BASE_URL}/run-task-by-template", json=payload, headers=headers)Avoid using sensitive or confidential search terms unless you are comfortable with BrowserAct processing them, and review the provider’s privacy and retention practices.