Amap Maps StreamableHTTP

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed maps gateway wrapper, but users should understand that location-related inputs are sent to external services.

Install only if you are comfortable sending map queries, coordinates, routes, addresses, POI searches, weather locations, or IP lookups to OneKey Gateway/Amap. Configure your own DEEPNLP_ONEKEY_ROUTER_ACCESS key instead of relying on the demo fallback, and use pinned dependencies or an isolated environment for production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (11)

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The code embeds a fallback router credential directly in source via `os.getenv(..., "BETA_TEST_KEY_MARCH_2026")`, which means the script can authenticate to an external service even when no runtime secret is provisioned. Hardcoded credentials are dangerous because they are easily leaked through source distribution, logs, or reuse across environments, and they weaken secret-management controls for a narrowly scoped autogenerated maps tool.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The script embeds a fallback router access key directly in code when the environment variable is absent. Hardcoded credentials are easily exposed through source distribution, logs, or reverse engineering, and they can allow unauthorized use of the upstream routing service or broader access depending on what the key permits.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script retrieves a router credential from an environment variable and silently falls back to a hard-coded key. Embedding a default access token in code is a real security weakness because the token can be reused unintentionally, exposed through source distribution, and blur the separation between testing and production environments.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The code fetches a router credential from an environment variable but silently falls back to a hard-coded test key when none is set. Embedding default credentials is dangerous because it can enable unauthorized service access and accidental use of shared credentials, and it lets the skill keep working in environments where operators may assume authentication has been properly configured.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This skill processes precise coordinates, addresses, itinerary points, and IP addresses through an external commercial gateway, but the documentation does not warn users that such sensitive location data will be transmitted off-platform. The omission can lead to unintentional disclosure of personal or organizational travel/location information and undermines informed consent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script reads a credential-like environment variable and falls back to a hardcoded default value, which appears to be an access key. This can cause accidental unauthorized use of a shared or embedded credential, leak service access to anyone running the skill without configuration, and make secret management unsafe in a distributed agent environment.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script retrieves a router access credential from an environment variable and falls back to a hardcoded default token string if the variable is unset. Embedding a usable default secret is dangerous because it can enable unauthorized use of the upstream service, credential leakage through source distribution, and accidental deployment with shared test credentials.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script forwards user-supplied JSON payload data directly to a remote router service without any user-facing notice, consent prompt, or data-sensitivity guardrails. In this context, the payload includes location fields such as longitude and latitude, so the code can transmit precise location data to an external service, creating privacy and compliance risks.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
This wrapper forwards user-supplied payload fields directly to a remote router service with no visible disclosure, confirmation, or data minimization. In a maps-related skill, inputs may contain sensitive organizational or route data, so silent transmission to an external service creates a privacy and data-handling risk even if the forwarding is expected for functionality.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script uses a hardcoded default access credential when the environment variable is absent, which can unintentionally expose backend router access to anyone running the skill without explicit configuration. Embedding fallback secrets in distributable code is dangerous because they are easily extracted, reused across deployments, and may grant unauthorized access to external services.

Unpinned Dependencies

Low
Category
Supply Chain
Content
ai-agent-marketplace>=0.0.10
Confidence
93% confidence
Finding
ai-agent-marketplace>=0.0.10

VirusTotal

64/64 vendors flagged this skill as clean.
