Mapick
Pass
Audited by VirusTotal on May 8, 2026.
Overview
Type: OpenClaw Skill
Name: mapick
Version: 1.0.28
Mapick is a comprehensive skill management and privacy utility for OpenClaw. It implements several robust security layers, including a local regex-based redaction engine (scripts/redact.js) to strip sensitive data like API keys and PII before any network transmission, and a centralized HTTP wrapper (scripts/lib/http.js) that enforces a strict endpoint allowlist (api.mapick.ai). System-modifying actions, such as skill upgrades or cron job registration, are handled via a 'plan' architecture where the skill returns instructions for the AI agent to display and the user to confirm before execution, rather than executing subprocesses directly. The code is well-structured, lacks obfuscation, and aligns strictly with its stated purpose of skill recommendation and privacy protection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user approves the wrong cleanup action, installed skills can be removed from the agent, though Mapick attempts to keep a backup.
The code can remove installed skill directories, but it requires a confirmation flag, validates skill IDs, protects certain skills, and backs up before deletion.
`if (!args.includes("--confirm")) { return { error: "confirm_required" ... } ... fs.rmSync(skillDir, { recursive: true, force: true });`
Review cleanup lists carefully, avoid broad "clean all" actions if unsure, and confirm that backups exist before removing important skills.
Mapick’s backend can correlate skill usage over time under the same anonymous device fingerprint.
Mapick discloses a stable pseudonymous identifier and skill-action telemetry sent to its backend after consent.
**Sent**: anonymous device fingerprint (16-char hash of `hostname|os|home`) + Skill IDs you act on + timestamps.
Use local-only mode if you do not want this telemetry, and use the documented delete-all command if you want backend records removed.
Anything sensitive the user includes in a workflow/profile answer may persist locally and influence later recommendations.
The first-run flow can store the user’s workflow description verbatim for later recommendations.
`bash shell profile set "<answer verbatim>"`
Do not include secrets, credentials, client names, or private project details in profile/workflow answers.
A shared persona report may become accessible to anyone with the link and may reveal usage patterns or top skills.
Persona sharing sends a generated local report to Mapick’s service and stores it behind a share URL for 30 days.
Only when you **explicitly confirm** "share my persona" ... uploads a generated `/tmp/mapick-report-<id>.html` ... Retained 30 days at `mapick.ai/s/{shareId}`.
Inspect the local report before sharing and only confirm upload if you are comfortable with the report being hosted for 30 days.
If enabled, Mapick may keep checking for updates or idle skills in the background.
The skill supports persistent scheduled checks, but the artifact says they are consent-gated and removable.
The `notify` cron is only registered when the user explicitly runs `privacy consent-agree` ... If consent is declined, the cron is never registered and is removed on subsequent inits.
Only enable notifications if you want background checks; use the documented privacy decline or update settings commands to disable them.
Following that command would execute code fetched from the internet on the local machine.
Troubleshooting documentation may tell users to run a remote install script, which is a supply-chain-sensitive pattern, although it is not shown as an automatic action.
curl -fsSL https://get.mapick.ai/install.sh | bash
Prefer audited install paths when possible, inspect remote scripts before running them, and verify the project source if using manual install guidance.
The wording may nudge users toward deleting skills more aggressively than they otherwise would.
The cleanup UX is intentionally persuasive around removing unused skills.
Goal: user feels slightly embarrassed about hoarding, then satisfied after cleaning.
Treat cleanup suggestions as optional recommendations and make removal decisions based on whether you still need each skill.
