Amap Traffic
v1.0.0高德地图实时路况查询与最优自驾路线规划技能。基于高德交通态势API和路径规划API,提供实时拥堵信息和最快路线建议。
⭐ 1· 1.7k·31 current·34 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (Amap traffic and routing) match the requested credential (AMAP_KEY) and the code's behavior (only calls restapi.amap.com). Minor inconsistency: SKILL.md instructs storing the key at skills.entries.amap-traffic.AMAP_KEY but the script looks for skills.entries['amap-traffic'].get('apiKey') or top-level amapKey/AMAP_KEY — so the documented config field name and the script's expected field differ.
Instruction Scope
SKILL.md and the Python script both state the skill will read OpenClaw configuration for AMAP_KEY. The script only reads openclaw.json from /home/admin/.openclaw/openclaw.json and ~/.openclaw/openclaw.json (then environment variable), and only extracts API-key-like fields; it does not read other system files or send data to endpoints other than AMap APIs. The only scope concern is the mismatch in the exact config field name described vs. what the code checks.
Install Mechanism
No install spec; this is an instruction-only skill with a single Python script. Nothing is downloaded or written to disk by an installer step.
Credentials
Only AMAP_KEY is required (declared as primaryEnv). That is proportionate for a mapping API integration; the script falls back to environment variables if the config file doesn't provide the key.
Persistence & Privilege
always:false and the skill does not attempt to modify other skill/system configs. It only reads openclaw.json and environment variables and makes outbound requests to AMap; it does not run persistent background processes.
Assessment
This package appears coherent for getting AMap traffic and driving routes. Before installing, consider: 1) Confirm where you store the AMAP_KEY in your openclaw.json — the SKILL.md suggests skills.entries.amap-traffic.AMAP_KEY but the script expects an apiKey field or top-level AMAP_KEY/amapKey; if you put the key under the SKILL.md path the script may not find it and you should instead set a top-level AMAP_KEY or apiKey under the skill entry. 2) The script reads /home/admin/.openclaw/openclaw.json and ~/.openclaw/openclaw.json — ensure those files don't contain unrelated secrets you wouldn't want code to read (the script only extracts API-key-like fields, but review the file). 3) Network: the script makes HTTPS calls only to restapi.amap.com; if you require stricter controls, run it in a constrained environment or verify traffic via a proxy. 4) If you prefer not to allow file reads, set AMAP_KEY in the environment so the script will use that instead. Overall there are no signs of hidden endpoints, obfuscated code, or unrelated credential requests.Like a lobster shell, security has layers — review code before you run it.
latestvk97axf653b47n8m6th4znctcys80m0aw
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🚗 Clawdis
EnvAMAP_KEY
Primary envAMAP_KEY