Openstreet Map

Security checks across malware telemetry and agentic risk

Overview

This skill coherently provides OpenStreetMap geocoding and annotated map generation with expected network, file input, and image output behavior.

Install in a controlled Python environment, pin dependency versions if reproducibility matters, and use a dedicated output directory so generated PNG files do not overwrite important files. Location queries and coordinates will be sent to external map services during normal use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documentation describes capabilities that use environment variables, read local files for point input, and make outbound network requests, but it does not declare any permissions or constraints for those actions. This creates a mismatch between what the skill can do and what an agent platform or reviewer may expect, increasing the risk of unintended data access or exfiltration through file and network operations.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The code allows the OPENSTREET_MAP_HOST environment variable to redirect both geocoding and tile fetches to an arbitrary host, causing user queries and map-generation traffic to be sent outside the expected OpenStreetMap infrastructure. In an agent environment, environment variables are often deployment-controlled rather than user-visible, so this creates an SSRF-like egress redirection and data exfiltration risk if a compromised runtime or malicious integrator sets the variable.

Unpinned Dependencies

Low
Category
Supply Chain
Content
Pillow>=10.0.0
requests>=2.31.0
Confidence
90% confidence
Finding
Pillow>=10.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
Pillow>=10.0.0
requests>=2.31.0
Confidence
90% confidence
Finding
requests>=2.31.0

Known Vulnerable Dependency: Pillow — 10 advisory(ies): CVE-2016-2533 (Pillow buffer overflow in ImagingPcdDecode); CVE-2023-50447 (Arbitrary Code Execution in Pillow); CVE-2021-27922 (Pillow Uncontrolled Resource Consumption) +7 more

Critical
Category
Supply Chain
Confidence
82% confidence
Finding
Pillow

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
84% confidence
Finding
requests

VirusTotal

66/66 vendors flagged this skill as clean.
