ClawHub

Google Maps

v3.2.0

Google Maps integration for OpenClaw with Routes API. Use for: (1) Distance/travel time calculations with traffic prediction, (2) Turn-by-turn directions, (3...

8· 4k·24 current·24 all-time
byshaharsh@shaharsha
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (Routes API, geocoding, places, directions, matrix) match the declared requirements: an API key (GOOGLE_API_KEY) and the 'requests' Python package. No unrelated credentials, binaries, or system paths are requested.
Instruction Scope
SKILL.md instructs the agent to run the included Python script with well-scoped actions (distance, directions, matrix, geocode, search, details). The instructions reference only the Google Maps APIs and local script execution; they do not ask the agent to read unrelated files, system secrets, or send data to non-Google endpoints in the visible content.
Install Mechanism
No install spec or third-party downloads; the only runtime dependency is 'requests' (pip). The skill is delivered as code bundled with the skill (lib/map_helper.py) and does not fetch arbitrary archives or executables from untrusted URLs.
Credentials
Only GOOGLE_API_KEY is required (with a documented fallback GOOGLE_MAPS_API_KEY and optional language env). This is appropriate for calling Google Maps/Routes/Places/Geocoding APIs and is proportionate to the stated functionality.
Persistence & Privilege
The skill does not request always: true and it runs only when invoked (user-invocable). It does not declare modifications to other skills or system-wide settings. The allowed-tool 'exec' is present to run the Python helper, which is consistent with the instructions.
Assessment
This skill appears coherent, but take these precautions before installing: (1) Use a Google API key restricted to the specific Maps APIs (Routes, Places, Geocoding) and restrict by referrer or IP to limit abuse. (2) Avoid using an unrestricted or shared API key; create a dedicated key for this skill and enable billing alerts/quotas. (3) Review the full lib/map_helper.py (the provided snippet was truncated) to confirm there are no unexpected external endpoints or secret-exfiltration code paths. (4) Ensure the environment variable GOOGLE_API_KEY is stored securely and not logged by other components; do not paste the key into public places. (5) Confirm 'requests' is installed in a controlled environment and monitor API usage after enabling the skill. If you want higher assurance, request the full source for inspection and verify there are no non-Google network calls or hard-coded endpoints before granting the key.

Like a lobster shell, security has layers — review code before you run it.

directionsvk976sbr00t9ra07bwmfy4jseed80gdncdistancevk976sbr00t9ra07bwmfy4jseed80gdncgooglevk976sbr00t9ra07bwmfy4jseed80gdnclatestvk978q2fhye49echarjy56aew7983dww0locationvk976sbr00t9ra07bwmfy4jseed80gdncmapsvk976sbr00t9ra07bwmfy4jseed80gdncnavigationvk976sbr00t9ra07bwmfy4jseed80gdncplacesvk976sbr00t9ra07bwmfy4jseed80gdncsearchvk976sbr00t9ra07bwmfy4jseed80gdnc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🗺️ Clawdis
EnvGOOGLE_API_KEY
Primary envGOOGLE_API_KEY

Comments