Is google-maps-grounding-lite-mcp safe?

https://clawhub.ai/ryanbaumann/google-maps-grounding-lite-mcp

85
SAFE

This skill is a documentation-only wrapper around Google's Grounding Lite MCP API, accessed via the mcporter binary. It contains no executable code, no install scripts, no git hooks, and no evidence of malicious behavior during installation. The primary risks are the supply chain dependency on the mcporter npm package and the inherent transmission of location-sensitive user data to Google's servers. No prompt injection, data exfiltration, or canary integrity violations were detected.

Category Scores

Prompt Injection 90/100 · 30%
Data Exfiltration 78/100 · 25%
Code Execution 82/100 · 20%
Clone Behavior 85/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 75/100 · 5%

Findings (7)

LOW Soft behavioral directive for attribution -5

SKILL.md instructs the agent to 'Include Google Maps links in user-facing output (attribution required)'. While this is a legitimate Google Maps API requirement, it is a behavioral directive embedded in the skill that modifies agent output behavior.

LOW Model selection restriction directive -5

SKILL.md instructs 'Only use with models that don't train on input data'. This restricts which models the agent can use, which is an unusual scope for a skill to assert.

MEDIUM API key transmitted to external endpoint -12

The skill configuration sends the GOOGLE_MAPS_API_KEY via HTTP header to mapstools.googleapis.com. While this is the intended API usage, the key is exposed over the network. A compromised mcporter binary could intercept or redirect this key.

LOW Location queries contain sensitive personal data -10

All three tools (search_places, lookup_weather, compute_routes) transmit user location data, travel routes, and place searches to Google's servers. This is inherent to the API's function but represents a privacy consideration.

MEDIUM External binary dependency on mcporter -18

The skill requires installing 'mcporter' via npm, an external third-party package that acts as a binary proxy to MCP servers. This introduces supply chain risk — a compromised mcporter package could execute arbitrary code, intercept API keys, or exfiltrate data.

INFO Runtime accessed .aws/credentials and .env during install -15

The filesystem monitoring detected access to /home/oc-exec/.aws/credentials and /home/oc-exec/.env during the install process. This appears to be standard openclaw runtime behavior (reading environment configuration) rather than skill-initiated access, as no network connections were made and canary files were intact.

LOW Location data inference risk in multi-skill environments -25

If combined with skills that have data exfiltration capabilities, the location queries made through this skill could be intercepted to build user location profiles. The skill itself does not exfiltrate, but it generates sensitive data that flows through the agent context.