Commute Traffic
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent TomTom traffic-checking skill, with the main consideration that it needs a TomTom API key and sends requested route locations to TomTom.
This skill appears safe for its stated purpose. Before installing, make sure you trust the package source, use a dedicated TomTom API key, and only ask it to check routes whose origin and destination you are comfortable sending to TomTom.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
It is harder to independently verify who maintains the skill, although the supplied source files are simple and align with the stated purpose.
The package provenance is not linked to a public source repository or homepage, so users have less external context for maintainer identity and update history.
Source: unknown; Homepage: none
Install only from a trusted registry or owner, and review the included files before enabling it.
Anyone able to use the skill through your OpenClaw environment may cause requests against your TomTom key and quota.
The skill requires a TomTom API key, which is expected for this integration but is still a credential that can consume API quota.
"requires": {"bins": ["python3"], "env": ["TOMTOM_API_KEY"]}, "primaryEnv": "TOMTOM_API_KEY"Use a dedicated TomTom API key, monitor quota usage, and rotate the key if you suspect it was exposed.
Your requested origin and destination, which may reveal home, work, or travel patterns, are shared with TomTom to calculate traffic results.
The script sends origin/destination queries and coordinates to TomTom API endpoints for geocoding and routing, which is necessary for the skill but exposes route-location data to the provider.
TOMTOM_BASE = "https://api.tomtom.com"
Avoid using highly sensitive addresses unless you are comfortable sharing them with TomTom, and review TomTom’s privacy terms if needed.