← 返回 Skills 市场
🔌

Mapbox Token Security

作者 Mapbox · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
101
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install mapbox-token-security
功能描述
Security best practices for Mapbox access tokens, including scope management, URL restrictions, rotation strategies, and protecting sensitive data. Use when...
安全使用建议
This is documentation-level guidance about Mapbox token security that appears legitimate, but review and reconcile the conflicting instructions before using operationally: 1) Update incident-response steps to prefer 'create replacement and deploy/verify before revoking' when zero-downtime is required; reserve immediate revocation only for extreme emergency when compromise is certain and downtime acceptable. 2) Clarify 'log token usage' to ensure only usage metrics are logged (not token values). 3) Test rotation and emergency procedures in staging to validate they behave as expected. 4) Note the source is unknown—treat this as general guidance, and cross-check against Mapbox's official docs and your org's incident response policy before enacting. If you intend to automate any of these steps, have a clear playbook that specifies when to revoke immediately vs. rotate safely to avoid accidental outages.
功能分析
Type: OpenClaw Skill Name: mapbox-token-security Version: 1.0.0 The skill bundle is a purely educational resource providing security best practices for managing Mapbox access tokens. It contains detailed documentation, checklists, and incident response procedures (SKILL.md, AGENTS.md, and reference files) designed to help users implement the principle of least privilege and secure token storage. No malicious code, data exfiltration attempts, or harmful instructions were identified.
能力评估
Purpose & Capability
Name and description match the included content: the files are guidance and checklists about Mapbox token types, scope management, URL restrictions, rotation, storage, and monitoring. The skill requests no binaries, env vars, installs, or credentials — appropriate for a documentation/consulting skill.
Instruction Scope
Most runtime instructions stay within scope (token scoping, URL restrictions, storage, rotation, monitoring). However, the incident-response guidance includes 'Immediate actions (first 15 minutes): 1. Revoke the token' which contradicts the zero-downtime rotation guidance elsewhere (which says create new token and revoke old only after verifying). That contradiction is operationally meaningful: following the 'revoke first' instruction can cause outages. There are also minor ambiguities (e.g., 'Log token usage' is recommended but elsewhere the docs warn 'Don't log tokens' — this is fine if interpreted as 'log usage metrics, not token values', but the wording could be misapplied).
Install Mechanism
Instruction-only skill with no install spec and no code to write to disk. Lowest install risk.
Credentials
The skill does not request any environment variables or credentials. Its recommendations to use environment variables and secret managers are appropriate and proportional to the stated purpose.
Persistence & Privilege
Skill is user-invocable, not always-on, and does not request system-level persistence or modify other skills. Normal privilege model.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install mapbox-token-security
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /mapbox-token-security 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
mapbox-token-security v1.0.0 - Initial release providing best practices and guidelines for Mapbox access token security. - Covers token types (public, secret, temporary) and recommended usage scenarios. - Details scope management, including least privilege and scope combos for common tasks. - Explains how to set up URL restrictions and secure storage/handling for different token types. - Includes a comprehensive security checklist and references for rotation, monitoring, and incident response. - Lists clear situations for using this skill during development, audit, and incident workflows.
元数据
Slug mapbox-token-security
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Mapbox Token Security 是什么?

Security best practices for Mapbox access tokens, including scope management, URL restrictions, rotation strategies, and protecting sensitive data. Use when... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 101 次。

如何安装 Mapbox Token Security?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install mapbox-token-security」即可一键安装,无需额外配置。

Mapbox Token Security 是免费的吗?

是的,Mapbox Token Security 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Mapbox Token Security 支持哪些平台?

Mapbox Token Security 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Mapbox Token Security?

由 Mapbox(@mapbox)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论