Baidu Map WebAPI (Baidu Maps official Web service skills)

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Baidu Maps API guide that requires a Baidu API key and sends location-related inputs to Baidu, with no evidence of hidden execution or persistence.

Install only if you are comfortable using Baidu Maps services. Keep BMAP_WEBAPI_AK out of source code and logs, prefer server-side secret storage, and avoid sending precise user locations, home addresses, vehicle plate numbers, or session identifiers unless the user has clearly requested the map action and the data is necessary.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (16)

Intent-Code Divergence

Medium
Confidence: 95%
Finding: The recipe directs POI name and landmark searches to use `administrative_region_search`, which is intended for administrative division queries rather than POI retrieval. In a map/routing skill, this can cause incorrect API selection, failed lookups, or resolution of the wrong destination, which may propagate into downstream routing, ETA, and navigation outputs.

Intent-Code Divergence

Medium
Confidence: 95%
Finding: The document is internally inconsistent about whether `region` is mandatory: the parameter table says `region/location/bounds` are alternatives, while the FAQ says `query`, `region`, and `ak` are all required. This can cause integrators to build incorrect request validation or fallback behavior, leading to failed requests, broken location lookups, or accidental overconstraint of search scope in production.

Missing User Warnings

Medium
Confidence: 94%
Finding: The recipe instructs users to submit raw address text to Baidu's geocoding API but does not warn that user-supplied addresses are transmitted to an external third-party service. Addresses often contain sensitive or personally identifiable location data, so silent transmission can create privacy, compliance, and user-consent risks, especially in enterprise or regulated environments.

Missing User Warnings

Medium
Confidence: 92%
Finding: This recipe explicitly relies on the user's current location to search nearby POIs, but it does not tell the agent to obtain clear consent, minimize location precision, or warn that coordinates will be sent to Baidu's external Web API. Because precise location data is sensitive personal information, omission of privacy guidance can lead to unnecessary disclosure of a user's whereabouts to third parties or retention in logs.

Missing User Warnings

Medium
Confidence: 93%
Finding: The recipe explicitly requires the user's current location as an input for route planning but does not instruct the agent to provide a user-facing privacy notice, request clear consent, or minimize retention/sharing of that data. Because precise location is sensitive personal data, silently collecting and transmitting it to external map APIs can create privacy, compliance, and trust risks.

Missing User Warnings

Medium
Confidence: 90%
Finding: The document instructs callers to send user queries and an access key to Baidu's external API but does not warn that user-provided location/address data will leave the local system or that the AK is a credential that must be protected. In an agent skill context, this omission can lead to unintended third-party data disclosure and insecure handling of secrets by downstream implementations.

Missing User Warnings

Medium
Confidence: 94%
Finding: The document instructs callers to send precise origin/destination coordinates, optional POI identifiers, and API credentials to a third-party mapping service, but does not warn about privacy, data sharing, retention, or credential-handling implications. In a mapping skill this is expected functionality, yet omitting privacy and secret-management guidance can lead downstream users to expose sensitive location data or mishandle AK/SN values in client-side code.

Missing User Warnings

Medium
Confidence: 93%
Finding: The documentation instructs users to send precise latitude/longitude coordinates and an access key to a third-party reverse geocoding endpoint without warning that location data can be highly sensitive and may reveal a user's home, workplace, or travel patterns. In a developer skill that encourages direct API use, omission of privacy guidance increases the likelihood that sensitive location data and credentials will be transmitted, logged, or embedded in client-side code without adequate protection.

Missing User Warnings

Medium
Confidence: 88%
Finding: The documentation instructs callers to transmit precise origin/destination coordinates, waypoint history, vehicle plate numbers, and movement metadata such as heading and speed, but it does not warn about the privacy sensitivity of this data or recommend minimization, consent, retention limits, or secure handling. In a location-routing skill, this omission can lead downstream developers to collect and forward personally identifiable movement data without adequate safeguards, increasing privacy and compliance risk.

Missing User Warnings

Medium
Confidence: 92%
Finding: The document explicitly describes sending precise coordinates (`center`) and linkable identifiers (`baidu_user_id`, `baidu_session_id`) to a third-party API, but provides no privacy notice, minimization guidance, or warning about the tracking implications. In a skill intended to guide implementation, this omission can cause downstream code to collect and transmit location and session data without informed user consent or appropriate safeguards.

Missing User Warnings

Medium
Confidence: 88%
Finding: The document instructs callers to send precise latitude/longitude and free-form demand text to a third-party reverse geocoding API, but it does not include any warning that this may disclose sensitive location or contextual personal data. In a location-processing skill, omission of privacy guidance can lead developers to collect, transmit, or expose real-time user whereabouts without adequate consent, minimization, or retention controls.

Missing User Warnings

Medium
Confidence: 93%
Finding: The document instructs callers to send precise origin/destination coordinates and API credentials to a third-party service, but provides no warning about location privacy, credential handling, retention, or user consent. In a skill intended to guide implementation, this omission can lead downstream developers to collect and transmit sensitive geolocation data without appropriate safeguards or disclosure.

External Transmission

Medium
Category: Data Exfiltration
Content:
|----------|------|------|------|------|
| `info` | object |  | Copyright information | None |
| `info.copyright` | object |  |  | None |
| `info.copyright.imageUrl` | string |  |  | http://api.map.baidu.com/images/copyright_logo.png |
| `info.copyright.text` | string |  |  | @2023 Baidu - Data |
| `message` | string |  | Message corresponding to the status code | ok |
| `result` | object |  | Returned result | None |
Confidence: 91%
Finding: http://api.map.baidu.com/

External Transmission

Medium
Category: Data Exfiltration
Content:
"ranking": "郑州市团建聚餐No.2",
        "children": [],
        "parent_id": "242425ad4ec48090132935cd",
        "detail_url": "http://api.map.baidu.com/place/detail?uid=fc6e4cc3de01b0ff095cb3a5&output=html&source=placeapi_v3",
        "shop_hours": "10:00-14:00,17:30-21:30",
        "comment_num": "5",
        "navi_location": {
Confidence: 89%
Finding: http://api.map.baidu.com/

External Transmission

Medium
Category: Data Exfiltration
Content:
| `results[].detail_info.children[].uid` | string \| null |  | POI child point ID; can be used for detail search. |  |
| `results[].detail_info.classified_poi_tag` | string \| null |  | POI display category (fine-grained classification). | 美食;中餐馆;特色菜 |
| `results[].detail_info.comment_num` | string \| null |  | Number of reviews for the POI. | 5 |
| `results[].detail_info.detail_url` | string \| null |  | URL of the POI detail page. | http://api.map.baidu.com/place/detail?uid=fc6e4... |
| `results[].detail_info.image_num` | string \| null |  | Number of POI images. |  |
| `results[].detail_info.indoor_floor` | string \| null |  | Floor of the indoor POI. |  |
| `results[].detail_info.label` | string \| null |  | Authoritative POI label, such as parking lot type or scenic area grade. | 特色菜 |
Confidence: 89%
Finding: http://api.map.baidu.com/

External Transmission

Medium
Category: Data Exfiltration
Content:
|----------|------|------|------|------|
| `info` | object |  | Copyright information | None |
| `info.copyright` | object |  |  | None |
| `info.copyright.imageUrl` | string |  |  | http://api.map.baidu.com/images/copyright_logo.png |
| `info.copyright.text` | string |  |  | @2026 Baidu - Data |
| `message` | string |  | Message corresponding to the status code | ok |
| `result` | object |  | Returned result | None |
Confidence: 89%
Finding: http://api.map.baidu.com/

VirusTotal

65/65 vendors flagged this skill as clean.