Baidu Map Android SDK（百度地图官方安卓 SKills）

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Baidu Maps Android SDK skill whose location, API key, and sharing guidance fit its stated purpose.

Installers should treat this as Baidu Maps developer documentation, not executable code. Before using generated examples in an app, make sure users consent to Baidu SDK privacy terms, request Android location permissions only when needed, keep the AK scoped to the correct package and signing certificate, and require an explicit confirmation before creating or sharing location, POI, or route short links.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The document describes generating and sharing short URLs for POI details, exact locations, and route plans without any mention of user consent, visibility of the shared content, retention, or privacy risk. In an Android map SDK integration skill, this omission can lead developers to expose sensitive location or travel data through user-triggered or automated sharing flows without adequate warning or safeguards.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal