ClawHub

Mapbox MapLibre Migration

v1.0.0

Guide for migrating from MapLibre GL JS to Mapbox GL JS, covering API compatibility, token setup, style configuration, and the benefits of Mapbox's official...

0· 71·0 current·0 all-time
by@mapbox
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description (migrating from MapLibre GL JS to Mapbox GL JS) match the content: package swap, import changes, token usage, style URLs, plugin mappings, and API compatibility. Nothing requested (no env vars, no binaries, no config paths) is unrelated to this documented purpose.
Instruction Scope
SKILL.md contains only migration instructions, code examples, and best practices for token handling. It references calling Mapbox APIs (api.mapbox.com) in examples — expected for a Mapbox migration guide — and does not instruct the agent to read unrelated files, harvest credentials, or send data to unexpected endpoints. It references another skill (mapbox-token-security) for deeper guidance; that is a cross-reference, not hidden behavior.
Install Mechanism
This is an instruction-only skill with no install spec and no code files that would be executed. No downloads, archive extraction, or package installs are performed by the skill itself; npm install steps are guidance for the developer and are proportionate to the migration task.
Credentials
The guide explains how to use Mapbox access tokens and recommends storing them in environment variables and restricting them appropriately. It does not request any environment variables or secrets from the platform and does not ask for unrelated credentials or elevated access.
Persistence & Privilege
The skill does not request persistent presence (always: false) and does not modify agent/system configuration. Autonomous invocation is allowed by default but this is normal for skills; there are no additional privileges or persistent behaviors requested.
Assessment
This skill is a straightforward migration guide and appears internally consistent. Before using: (1) follow its token security advice — store Mapbox tokens in env vars, apply URL restrictions for public tokens, and never commit secret tokens (sk.*) to source control; (2) remember Mapbox is proprietary (v2+) so review licensing and pricing for production use; (3) verify any Mapbox API calls in your app use the appropriate public vs secret tokens and are made from server-side code when secrets are required. If you see the skill later request unrelated credentials, remote installs from unknown URLs, or instructions to read system files or secrets, stop and re-evaluate — that would be inconsistent with this guide and suspicious.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bw8pfv14315trrznenrt5jh83zf6g

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments