ClawHub

map-query

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it claims, but it tells the agent to print map-provider API keys and does not clearly warn users before sending addresses to external map services.

Review before installing. Do not run the documented echo commands for API keys; use presence-only checks instead, and use restricted map-provider keys with quotas. Avoid submitting home, workplace, or other sensitive addresses unless you are comfortable sharing them with the selected map provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly instructs users to print secret environment variables with `echo $AMAP_KEY`, `echo $BAIDU_MAP_KEY`, and `echo $TENCENT_MAP_KEY`. In agent, terminal, or audited environments, this can expose API keys in console history, logs, transcripts, screenshots, or telemetry, turning a simple configuration check into credential disclosure. The map-query context does not justify revealing the full secret; only presence/absence needs to be checked, so this guidance is unnecessarily risky.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The usage examples use natural, everyday phrasing such as asking for food or promotions near an address, which can overlap with ordinary user requests and cause the skill to trigger unintentionally. In an agent environment, overly broad activation language can lead to surprise tool use, unnecessary disclosure of user location/context to map providers, and execution in situations where the user did not explicitly intend to invoke this skill.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill asks users for detailed addresses and describes geocoding and nearby search via third-party map providers, but it does not disclose that those user-supplied addresses will be transmitted to external services. This creates a privacy and consent risk because home, work, or other sensitive location data may be shared with AMap, Baidu, or Tencent without explicit user awareness.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script sends user-supplied address data to third-party geocoding services without any notice, confirmation, or documentation at the point of use. Addresses can contain sensitive location or personal information, so silent transmission to external providers creates a privacy and data-handling risk, especially in automation contexts where users may not realize their input leaves the local environment.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script geocodes a user-supplied address and sends the resulting location data to external map providers without any consent prompt, warning, or privacy notice. Exact or near-exact location data is sensitive, and this CLI automatically transmits it to third parties along with provider API credentials, creating a real privacy exposure even if the behavior is functionally necessary.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal