ClawHub

SmartRoute - Google Routes Calculator

v1.0.4

Calculate traffic-aware routes, travel times, and distances between locations using Google Routes API. Use when the user asks for "traffic to X", "how long to get to Y", "best route to Z", or "drive time". Returns JSON with duration, distance, and a direct Google Maps navigation link.

2· 1.4k·2 current·2 all-time
by@vemec
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the actual implementation: a Node.js script that calls routes.googleapis.com. The only required binary (node) and required env var (GOOGLE_ROUTES_API_KEY) are appropriate for this functionality.
Instruction Scope
SKILL.md instructs running the included script with origin/destination and documents PII considerations. The script only sends addresses to Google Routes API and writes results to stdout; it does not read other files, other env vars, or contact other endpoints.
Install Mechanism
No install spec (instruction-only) and a single small JS file are present. The skill assumes node is already installed; there are no downloads or archive extraction steps.
Credentials
Only GOOGLE_ROUTES_API_KEY is required, which is proportional and expected. No unrelated credentials or config paths are requested.
Persistence & Privilege
always is false and the skill does not request persistent system-wide changes or write other skills' configs. Autonomous invocation is allowed (default) but the skill's scope is limited to the Routes API.
Assessment
This skill appears coherent and implements only the documented Google Routes API calls, but consider the following before installing: - Provide a dedicated Google API key with the Routes API enabled and restrict that key (by referrer, IP, or API restrictions) to limit blast radius and accidental billing. - The script prints the origin/destination (PII) to stdout; avoid using sensitive addresses if you need privacy. - Keep the API key in a secure environment variable (as recommended) and avoid passing it on the CLI to prevent exposure in process lists. - Review and test the script in your environment (it has a small parsing assumption for duration) before trusting it in production. - If you allow autonomous agent invocation, monitor usage and billing (autonomous calls can consume quota).

Like a lobster shell, security has layers — review code before you run it.

latestvk972zppwz3am7jvy5ns5bnftf180zg1x

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🚦 Clawdis
Binsnode
EnvGOOGLE_ROUTES_API_KEY

Comments