Baidu Map JSAPI GL(百度地图官方 WebGL SKills)
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a documentation-only Baidu Maps WebGL guide, with the main cautions being its required Baidu API key and unverified “official” wording.
This skill looks safe to use as a documentation aid. Before installing, verify whether you trust the publisher, create/manage your Baidu Maps AK only through Baidu’s official console, restrict the key appropriately, and remember that map/geocoding/route features in generated apps may call Baidu or selected map tile providers.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A misconfigured or overexposed Baidu Maps key could be abused for quota consumption or unauthorized use within the key’s allowed restrictions.
The skill declares a Baidu Maps API key environment variable as required/primary, which is expected for Baidu JSAPI but still represents delegated provider access.
requires:
env: BMAP_JSAPI_KEY
primaryEnv: BMAP_JSAPI_KEYUse a browser-side Baidu Maps AK with appropriate Referer/IP restrictions, avoid broad production wildcards, and rotate the key if it is exposed unexpectedly.
Users may assume the skill is officially published by Baidu when the provided metadata does not verify that.
The title contains official-sounding wording, but the provided provenance fields do not confirm an official Baidu source.
Name: Baidu Map JSAPI GL(百度地图官方 WebGL SKills); Source: unknown; Homepage: none
Verify the publisher/source separately and use official Baidu console and documentation links when creating or managing API keys.