open-map

Security checks across malware telemetry and agentic risk

Overview

This appears to be a maps/navigation skill whose external map handoff is expected, but users should understand destinations may be shared with map providers.

Install if you want the agent to open destinations in your system map app. Avoid using sensitive home, work, or private coordinates unless you are comfortable sending them to the map application and its provider.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill documentation explicitly instructs opening Apple Maps or other registered map URL handlers with user-supplied destination data, but does not warn that the destination will be transmitted to external applications and potentially remote map providers. This creates a real privacy and data-sharing risk, especially if users provide sensitive addresses, coordinates, or location intent without understanding that the data leaves the agent context.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal