Baidu AI Map (Baidu Maps Official AI Skills)

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This appears to be a coherent Baidu Maps helper, but it uses a Baidu service token and sends map, route, weather, and location queries to Baidu’s API.

This skill looks safe to use for Baidu Maps tasks if you are comfortable sharing map searches, route requests, and location coordinates with Baidu. Keep BAIDU_MAP_AUTH_TOKEN private, use the minimum necessary location detail, and watch for quota or billing impact from repeated API calls.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may make Baidu Maps API calls on the user’s behalf, which can consume service quota or token allowance.

Why it was flagged

The skill instructs the agent to make HTTP requests to a defined Baidu Maps API endpoint. This is expected for the skill’s stated purpose and is bounded to the provider URL.

Skill content
All capabilities use the same:

> **Base URL**: `https://api.map.baidu.com/`

Recommendation

Use this skill only when you want the agent to query Baidu Maps, and monitor API/token usage if your Baidu account has quotas or costs.

What this means

If the token is exposed or misused, someone could make Baidu Maps API requests under the user’s account or quota.

Why it was flagged

The skill requires a Baidu Maps service key and sends it as a bearer token for authentication. This is purpose-aligned, but the token grants access to the user’s Baidu Maps API usage.

Skill content
Read the environment variable `BAIDU_MAP_AUTH_TOKEN` first... `Authorization: Bearer $BAIDU_MAP_AUTH_TOKEN`

Recommendation

Store the token only as an environment variable, avoid pasting it into chat, restrict it where Baidu allows, and rotate it if exposed.

What this means

Precise locations, route plans, nearby searches, and other map-related requests may be shared with Baidu Maps.

Why it was flagged

The skill tells the agent to send complete user map requests and, for routing, current-location coordinates to Baidu’s API. This is expected for maps functionality but may include sensitive location or travel intent.

Skill content
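`user_raw_request`: the user's original request, passed in complete and unmodified; it must not be condensed into keywords... `location`: the user's current location coordinates (`lat,lng`, gcj02)

Recommendation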

Avoid including unnecessary personal details in map queries, and confirm precise home/work/current-location coordinates before sending them.