Map Grabber
PassAudited by ClawScan on May 1, 2026.
Overview
Map Grabber appears purpose-aligned: it runs a local Python script to fetch OpenStreetMap data and save map files, with normal cautions around package installation and sending addresses to mapping services.
This looks safe for normal map-generation use. Before installing, be comfortable installing the Python dependencies and with addresses being sent to OpenStreetMap-related services; prefer output paths like /tmp or ~/.openclaw/media.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
When you ask for a map, the agent may run the local Python script and generate/send output files without asking again.
The skill explicitly relies on shell execution of the included map script. This is central to its purpose and disclosed, but it is still a meaningful local-execution capability.
**Agent behavior:** When the user asks for a site map, base map, or OSM map (by address or place name), **run the script directly** using `exec`
Use the skill for intended map-generation requests and keep output paths scoped to /tmp or ~/.openclaw/media unless you intentionally choose another location.
Installing the skill’s dependencies may pull newer versions of external packages than the author tested.
The Python dependencies are listed without version pins. They are expected for OpenStreetMap and DXF functionality, but installation will resolve current package versions at install time.
osmnx ezdxf
If you need stricter supply-chain control, pin and review dependency versions before running `pip install -r requirements.txt`.
Addresses or place names you provide may be sent to external OpenStreetMap-related services to generate the map.
The script sends the user-provided address or place name through osmnx geocoding and then fetches OpenStreetMap data for the resulting location.
point = ox.geocoder.geocode(address) G = ox.graph_from_point((lat, lon), dist=dist, network_type="all")
Avoid using sensitive private locations if you are not comfortable sharing them with the mapping/geocoding provider.