安全扫描
OpenClaw
安全
high confidenceThis is an instruction-only skill that is internally consistent with its stated purpose (guidance for implementing Mapbox Search); it does not request credentials or install anything, though the docs include examples that reference using a Mapbox token which the user must supply when implementing.
评估建议
This skill is a documentation-style, instruction-only guide for implementing Mapbox Search and appears coherent with that purpose. It does not itself request credentials or install code. Before using examples in production: (1) never embed secret Mapbox tokens (sk.*) in client-side code — use restricted, URL-limited public tokens or proxy requests through a server; (2) follow the guide's advice on session tokens and debouncing to avoid unexpected billing; (3) review any analytics/monitoring snip...详细分析 ▾
✓ 用途与能力
The name/description (Mapbox Search integration) matches the contents: extensive discovery questions, product selection guidance, platform-specific SDK examples, and best practices for debouncing, session tokens, caching, error handling, testing, and monitoring. Nothing in the files requires unrelated capabilities (no cloud providers, no extra binaries, no unrelated credentials).
ℹ 指令范围
The SKILL.md and reference docs contain concrete code samples that instruct the developer to use Mapbox SDKs or direct API calls. Those instructions are narrowly scoped to implementing search UX and backend endpoints. One minor inconsistency: several examples reference environment variables (e.g., process.env.MAPBOX_TOKEN) and analytics.track calls even though the skill's metadata declares no required env vars; the docs also include direct API examples (fetch) which properly warn about debouncing/session tokens. There are sample analytics tracking calls (monitoring) but no concrete external analytics endpoint is embedded — they're illustrative code only.
✓ 安装机制
No install spec and no code files that execute on install — this is instruction-only content. References to npm/Gradle/SPM packages are normal for SDK usage and are appropriate for the described integrations.
ℹ 凭证需求
The skill metadata declares no required environment variables or credentials, yet many examples show using a Mapbox access token (e.g., YOUR_MAPBOX_TOKEN, process.env.MAPBOX_TOKEN). This is expected for a Mapbox integration, but the documentation does not itself request or store credentials. Users should supply tokens only in appropriate server-side env vars or use properly scoped/public tokens for client usage (the docs explicitly warn against using secret sk.* tokens client-side).
✓ 持久化与权限
Skill flags show no elevated persistence (always:false), and there is no installation step that would modify agent/system configuration. The skill is user-invocable and can be used autonomously by the agent (default), which is expected behavior for an instruction skill.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/31
- Initial release providing a complete workflow for integrating Mapbox search in applications. - Includes structured discovery questions to determine the best Mapbox search solution for each use case. - Recommends session-based Search Box API as the default for interactive search, with clear decision points for Geocoding API. - Outlines best practices and product selection guidance for web, React, iOS, and Android platforms. - Details reference documentation to load based on the user's platform and requirements.
● Pending
安装命令
点击复制官方npx clawhub@latest install mapbox-search-integration
镜像加速npx clawhub@latest install mapbox-search-integration --registry https://cn.longxiaskill.com