Baidu Maps Sse

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed maps gateway wrapper, but users should know it sends location queries to OneKey and includes a shared demo access key fallback.

Install only if you are comfortable sending map queries, addresses, and coordinates through OneKey Gateway and any downstream maps provider. Prefer setting your own DEEPNLP_ONEKEY_ROUTER_ACCESS key instead of relying on the shared demo fallback, and avoid submitting sensitive home, work, or private travel locations unless the provider’s data handling is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding
The code loads a router credential from an environment variable but silently falls back to a hardcoded token. Embedding a default access key in shipped code creates credential exposure risk, enables unauthorized use if the code is copied or published, and can route requests through a privileged external service without explicit operator setup.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill encourages use of a fallback demo key without clearly warning that user-supplied addresses, coordinates, and place queries will be transmitted to an external gateway service. In a maps skill, this is more sensitive because location data can reveal home/work patterns, travel intent, or other personal information, and a shared demo key can also weaken accountability and data isolation.

Missing User Warnings

Low
Confidence: 95%
Finding
The code embeds a default router access key ("BETA_TEST_KEY_MARCH_2026") and uses it whenever the environment variable is unset. Hardcoded credentials are dangerous because they can be extracted from source control, reused by unauthorized parties, and make it easy to accidentally deploy with a shared or non-rotated secret.

Missing User Warnings

Medium
Confidence: 95%
Finding
The script reads a router access credential from an environment variable and falls back to a hardcoded default token-like value if the variable is absent. Embedding a default credential in distributable code is dangerous because it can enable unauthorized use of the backend service, make credential rotation harder, and cause users to unknowingly transmit requests under a shared or exposed account.

Missing User Warnings

Medium
Confidence: 98%
Finding
Using a built-in default token for sensitive credential access means the script can authenticate to an external service even when the operator did not intentionally configure credentials. This weakens deployment security, obscures data flow to third parties, and risks abuse if the embedded token is valid beyond testing.

Missing User Warnings

Medium
Confidence: 95%
Finding
The script sends user-supplied latitude and longitude to an external router service without any notice, consent prompt, or indication of where the data is going. Location data is sensitive personal information, and silent transmission can create privacy and compliance risk if operators or end users do not realize the coordinates are leaving the local environment.

VirusTotal

56/56 vendors flagged this skill as clean.
