Back to skill

Security audit

Baidu Map JSAPI GL(百度地图官方 WebGL SKills)

Security checks across malware telemetry and agentic risk

Overview

This is a Baidu Maps documentation skill with some code-sample security caveats, but it does not install or run hidden code.

Reasonable to install as a documentation aid. Restrict your Baidu Maps AK with domain/IP allowlists and quotas, avoid pasting real keys into prompts or source control, get appropriate consent before sending precise addresses or coordinates to Baidu, prefer HTTPS tile endpoints, and sanitize any user-controlled content before placing it into InfoWindow or custom overlay HTML.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Low
Confidence
89% confidence
Finding
The documentation explicitly encourages passing raw HTML fragments into `InfoWindow` content and titles without any warning about sanitization or trust boundaries. If developers follow this guidance with untrusted user input, it can lead to DOM-based XSS in the application context, especially because the content is rendered in the browser UI.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill description states it should auto-trigger on broad terms like '百度地图' or general map-development requests, which can cause the skill to activate outside its intended scope. Over-broad activation can route unrelated user conversations into this skill, increasing the chance of irrelevant guidance, unintended data exposure to the skill context, or interference with safer/more appropriate skills.

Missing User Warnings

Low
Confidence
81% confidence
Finding
The skill declares a required environment variable for a Baidu Maps API key but does not warn that the key is a sensitive credential. In practice, users may paste AK values into prompts, logs, screenshots, or shared examples, leading to credential leakage and unauthorized API usage.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The example builds HTML with template literals and assigns attacker-controllable properties (`imgSrc`, `title`, `desc`) directly to `innerHTML`. If developers copy this pattern with untrusted data, it can enable DOM-based XSS, including script execution via injected markup or dangerous attributes. In a map overlay skill, this is more dangerous because overlays often display user- or API-sourced POI content, making unsafe rendering patterns likely to be reused in real applications.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation describes geocoding and reverse-geocoding flows but does not warn that user-provided addresses and coordinates are transmitted to Baidu's mapping service, which can expose sensitive location data. In a map-development skill, developers may copy these examples directly into production and unknowingly send home, workplace, or live-location information to a third party without consent, notice, or minimization.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.