ClawHub

Map Grabber

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims by fetching OpenStreetMap data for an address and saving map files, but users should know it sends location queries to external map services and runs a local Python script.

Install only if you are comfortable with addresses or place names being sent to external OpenStreetMap-related services. Prefer output paths under /tmp or ~/.openclaw/media, review generated files before using them in CAD workflows, and consider pinning dependencies in a controlled environment if reproducible installs matter.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Scope Creep

High
Confidence
98% confidence
Finding
The script performs live geocoding and OpenStreetMap data retrieval over the network, but the manifest declares only shell:exec permission. This creates an undeclared external communication channel that can transmit user-supplied addresses and fetch remote content, violating least-privilege and misleading users about the skill's actual capabilities.

Scope Creep

High
Confidence
97% confidence
Finding
When --buildings is enabled, the script makes an additional network-backed request to retrieve building footprints, again without corresponding declared permission. This expands external data transfer and remote dependency surface beyond what the manifest communicates, increasing privacy and governance risk for user location data.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger guidance is broad enough that an agent may auto-activate this skill for generic map-related user requests without clear boundaries or confirmation. Because the skill has `shell:exec` permission and performs network/data retrieval plus file writes, overbroad activation can cause unintended external access and command execution in response to ambiguous prompts.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly instructs the agent to run commands directly, write files to disk, and fetch external map data without warning or confirmation. In a `shell:exec` context, this reduces user awareness and consent around side effects, increasing the risk of unintended filesystem writes, network access, or operational misuse triggered by casual requests.

Unpinned Dependencies

Low
Category
Supply Chain
Content
osmnx
ezdxf
Confidence
90% confidence
Finding
osmnx

Unpinned Dependencies

Low
Category
Supply Chain
Content
osmnx
ezdxf
Confidence
90% confidence
Finding
ezdxf

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal