Geomanic

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Geomanic integration that can access and modify GPS waypoint data, so users should handle its token and delete/update actions carefully.

Install only if you trust Geomanic with your location history and want OpenClaw to access it. Store GEOMANIC_TOKEN as a secret, keep query ranges as narrow as practical, and explicitly verify waypoint IDs before creating, updating, or deleting records.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill instructs users to send precise GPS travel data and a bearer token to a remote endpoint but does not warn about the privacy and credential-transmission implications. Because this skill handles highly sensitive location history, lack of disclosure meaningfully increases the risk of uninformed data exposure to an external service.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill documents create, update, and delete waypoint operations without any warning that these actions modify or permanently remove user travel records. In an agent setting, omission of destructive-action warnings can lead to accidental loss or corruption of sensitive historical GPS data.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal