← Back to Skills Marketplace
101
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install mapbox-token-security
Description
Security best practices for Mapbox access tokens, including scope management, URL restrictions, rotation strategies, and protecting sensitive data. Use when...
Usage Guidance
This is documentation-level guidance about Mapbox token security that appears legitimate, but review and reconcile the conflicting instructions before using operationally: 1) Update incident-response steps to prefer 'create replacement and deploy/verify before revoking' when zero-downtime is required; reserve immediate revocation only for extreme emergency when compromise is certain and downtime acceptable. 2) Clarify 'log token usage' to ensure only usage metrics are logged (not token values). 3) Test rotation and emergency procedures in staging to validate they behave as expected. 4) Note the source is unknown—treat this as general guidance, and cross-check against Mapbox's official docs and your org's incident response policy before enacting. If you intend to automate any of these steps, have a clear playbook that specifies when to revoke immediately vs. rotate safely to avoid accidental outages.
Capability Analysis
Type: OpenClaw Skill
Name: mapbox-token-security
Version: 1.0.0
The skill bundle is a purely educational resource providing security best practices for managing Mapbox access tokens. It contains detailed documentation, checklists, and incident response procedures (SKILL.md, AGENTS.md, and reference files) designed to help users implement the principle of least privilege and secure token storage. No malicious code, data exfiltration attempts, or harmful instructions were identified.
Capability Assessment
Purpose & Capability
Name and description match the included content: the files are guidance and checklists about Mapbox token types, scope management, URL restrictions, rotation, storage, and monitoring. The skill requests no binaries, env vars, installs, or credentials — appropriate for a documentation/consulting skill.
Instruction Scope
Most runtime instructions stay within scope (token scoping, URL restrictions, storage, rotation, monitoring). However, the incident-response guidance includes 'Immediate actions (first 15 minutes): 1. Revoke the token' which contradicts the zero-downtime rotation guidance elsewhere (which says create new token and revoke old only after verifying). That contradiction is operationally meaningful: following the 'revoke first' instruction can cause outages. There are also minor ambiguities (e.g., 'Log token usage' is recommended but elsewhere the docs warn 'Don't log tokens' — this is fine if interpreted as 'log usage metrics, not token values', but the wording could be misapplied).
Install Mechanism
Instruction-only skill with no install spec and no code to write to disk. Lowest install risk.
Credentials
The skill does not request any environment variables or credentials. Its recommendations to use environment variables and secret managers are appropriate and proportional to the stated purpose.
Persistence & Privilege
Skill is user-invocable, not always-on, and does not request system-level persistence or modify other skills. Normal privilege model.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install mapbox-token-security - After installation, invoke the skill by name or use
/mapbox-token-security - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
mapbox-token-security v1.0.0
- Initial release providing best practices and guidelines for Mapbox access token security.
- Covers token types (public, secret, temporary) and recommended usage scenarios.
- Details scope management, including least privilege and scope combos for common tasks.
- Explains how to set up URL restrictions and secure storage/handling for different token types.
- Includes a comprehensive security checklist and references for rotation, monitoring, and incident response.
- Lists clear situations for using this skill during development, audit, and incident workflows.
Metadata
Frequently Asked Questions
What is Mapbox Token Security?
Security best practices for Mapbox access tokens, including scope management, URL restrictions, rotation strategies, and protecting sensitive data. Use when... It is an AI Agent Skill for Claude Code / OpenClaw, with 101 downloads so far.
How do I install Mapbox Token Security?
Run "/install mapbox-token-security" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Mapbox Token Security free?
Yes, Mapbox Token Security is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Mapbox Token Security support?
Mapbox Token Security is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Mapbox Token Security?
It is built and maintained by Mapbox (@mapbox); the current version is v1.0.0.
More Skills