ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

TomTom Traffic Intelligence

v1.0.0

Provides real-time traffic data, route calculation, and departure planning using TomTom Traffic API for commute and meeting alerts.

0· 198·0 current·0 all-time
by@jkimnw-code

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for jkimnw-code/tomtom-traffic.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "TomTom Traffic Intelligence" (jkimnw-code/tomtom-traffic) from ClawHub.
Skill page: https://clawhub.ai/jkimnw-code/tomtom-traffic
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install tomtom-traffic

ClawHub CLI

Package manager switcher

npx clawhub@latest install tomtom-traffic
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill's name/description claim TomTom Traffic API usage and the code/SKILL.md clearly use TomTom API — that is coherent. However, the published registry metadata lists no required environment variables or primary credential while both SKILL.md and traffic-check.js require TOMTOM_API_KEY. This metadata omission is an incoherence and reduces trust (someone installing from the registry would not be warned they must supply an API key).
Instruction Scope
The runtime instructions and code stay within the stated purpose: calling TomTom endpoints, formatting route/alert data, and printing or returning results. The SKILL.md and code only reference TomTom endpoints and the local CONFIG; they do not read unrelated system files or send data to third-party endpoints beyond TomTom. Minor caveat: SKILL.md states 'No sensitive location data logged' but the CLI prints route/origin/destination info to stdout — acceptable for typical use but may expose location to anyone with access to console logs.
Install Mechanism
There is no install spec (instruction-only + a single JS file). No external downloads or package installs are performed by the skill. One operational note: the code uses fetch in Node — depending on the runtime Node version that may require Node 18+ or an explicit fetch polyfill; this is an operational compatibility issue, not a security risk.
!
Credentials
The TOMTOM_API_KEY requested by the SKILL.md and enforced by the code is proportional to the skill's function (calling TomTom API). However, the skill registry metadata declares 'Required env vars: none' and 'Primary credential: none' which is incorrect and misleading. No unrelated secrets are requested by the code.
Persistence & Privilege
The skill does not request persistent/always-on inclusion, does not declare system config paths, and does not modify other skills' configs. It runs as a normal user-space script and exports a module for integration; privileges requested are appropriate for the stated function.
What to consider before installing
This skill generally does what it says (calls TomTom Traffic API and computes departure times), but the registry metadata is missing a critical requirement: you must set TOMTOM_API_KEY in your environment. Before installing or running it: 1) Ensure you trust the source — owner/homepage are unknown; 2) Provide a TomTom API key (store it in an environment variable, do not hard-code it into repo); 3) Verify your Node runtime supports fetch (Node 18+ or add a polyfill); 4) Be aware the script prints route and location info to stdout — don't run it where console logs are exposed to untrusted parties; 5) Ask the maintainer to update registry metadata to declare TOMTOM_API_KEY as a required credential and, ideally, provide a homepage or repo so you can review changes and history. If those metadata and provenance issues are resolved, the skill appears coherent with its purpose.
traffic-check.js:19
Environment variable access combined with network send.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk975s03m5zzz6d4xpc5ad504vd83910a
198downloads
0stars
1versions
Updated 23h ago
v1.0.0
MIT-0
@jkimnw-code
latest
Download

Traffic Intelligence Skill

Overview

Provides real-time traffic monitoring, route calculation, and departure planning using TomTom Traffic API (2,500 free requests/day).

Prerequisites

  1. TomTom Developer Account: https://developer.tomtom.com/
  2. API Key from TomTom Traffic API
  3. Set environment variable: export TOMTOM_API_KEY="your_key_here"

Configuration

Default locations are configured for Seattle/Bellevue area. Edit ./traffic-check.js to update:

  • CONFIG.locations: Set your home, work, and frequent destinations
  • CONFIG.buffers: Adjust parking, coffee, and meeting buffer times

Usage

Direct CLI Commands

# Check current commute (home → work)
node ./traffic-check.js check

# Plan departure for 8:00 AM meeting
node ./traffic-check.js meeting 08:00

# Test API connection
node ./traffic-check.js test

Integration with Meeting Alerts

The traffic module can be called from other scripts to enhance meeting alerts with real-time traffic data.

Example Integration

const TrafficIntelligence = require('./traffic-check.js');
const traffic = new TrafficIntelligence(process.env.TOMTOM_API_KEY);

// Get traffic-aware departure time for coffee meeting
const route = await traffic.calculateRoute(home, coffeeShop);
const meetingInfo = traffic.calculateDepartureTime(
  meetingTime,
  route.totalTimeMinutes,
  { meetingBuffer: 10 }
);

console.log(traffic.generateAlert(route, meetingInfo));

API Limits

  • Free Tier: 2,500 requests/day
  • Recommendation: Cache results for 5-10 minutes during peak hours
  • Monitoring: Check TomTom dashboard for usage statistics

Error Handling

  • Missing API key: Error message with setup instructions
  • API failure: Graceful degradation with cached/last-known data
  • Network issues: Retry logic with exponential backoff

Security Notes

  • API key stored in environment variable (not in code)
  • No sensitive location data logged
  • Rate limiting to prevent accidental overuse

Future Enhancements

  1. Historical traffic patterns
  2. Weather integration (rain/snow impact)
  3. Multiple route alternatives
  4. Public transit integration
  5. Traffic camera status

Maintainer: Agent M Last Updated: 2026-03-19 Status: Operational

Comments

Loading comments...