Google Maps Search Api
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: google-maps-search-api Version: 0.1.0 The skill is designed to extract business data from Google Maps using the BrowserAct API. The `SKILL.md` provides clear instructions for the agent on how to use the skill, handle the `BROWSERACT_API_KEY`, and manage errors, all directly aligned with its stated purpose. The `scripts/google_maps_search_api.py` script correctly implements this logic, communicating solely with `api.browseract.com` to run and retrieve task results. There is no evidence of data exfiltration beyond the necessary API key for the service, malicious execution, persistence mechanisms, or harmful prompt injection attempts against the agent. All actions are consistent with the skill's described functionality.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone installing the skill may need to provide a BrowserAct API key, which could allow use of their BrowserAct account or consume their BrowserAct credits.
The skill requires a BrowserAct credential and even suggests pasting it into chat. That is purpose-aligned for the BrowserAct API, but it is sensitive account authority and is not declared in the registry metadata.
Before running, check the `BROWSERACT_API_KEY` environment variable. If it is not set... request and wait for the user to provide it... "provide it to me in this chat."
Prefer setting BROWSERACT_API_KEY as a local environment variable instead of pasting it into chat, use a dedicated or least-privilege key if available, and revoke or rotate the key if it is exposed.
The user must trust BrowserAct and the referenced workflow template to perform only the advertised Google Maps search task with the submitted parameters.
The local script delegates work to a BrowserAct-hosted workflow template. This is central to the skill's purpose, but the actual remote template implementation is not present in the reviewed artifacts.
TEMPLATE_ID = "77805072070738748" API_BASE_URL = "https://api.browseract.com/v2/workflow"
Verify the BrowserAct workflow/template in the BrowserAct dashboard if possible, monitor task runs, and avoid sending sensitive search terms unless you are comfortable sharing them with BrowserAct.
If BrowserAct leaves a task pending or the status endpoint behaves unexpectedly, the agent session may hang and continue polling until interrupted.
The script polls the remote task until it reaches a terminal status, with no maximum wait time. This is common for workflow APIs, but a stuck task could keep the command running.
while True:
status_res = requests.get(f"{API_BASE_URL}/get-task-status?task_id={task_id}", headers=headers).json()
...
time.sleep(3)Use reasonable result limits, watch for long-running tasks, and consider adding a timeout or manual stop condition before heavy use.