ClawHub

.Gaodemapskill.Conflict

v1.0.0

A skill to interact with Gaode Map (AMap) for location search and route planning.

0· 115·0 current·1 all-time
by深山大柠檬@beelkic·fork of @279458179/gaodemapskill (1.0.0)
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description, required binary (python), and required env var (AMAP_API_KEY) align with a mapping client. The included amap_tool.py implements place search, geocoding, and route planning against AMap REST endpoints. Minor note: the _meta.json ownerId differs from the registry ownerId in the provided metadata — likely a packaging/metadata mismatch but not directly harmful to functionality.
Instruction Scope
SKILL.md instructs only to run the provided Python script with parameters. The script reads the AMAP_API_KEY (or --key), calls AMap REST APIs (restapi.amap.com), and prints JSON results. It does not read other environment variables, system files, or forward data to unexpected endpoints.
Install Mechanism
No install spec is provided (instruction-only skill) and the repository only includes a small Python script and requirements.txt (requests). There are no downloads from arbitrary URLs or archive extraction steps. Dependency on the 'requests' package is expected and low risk.
Credentials
Only AMAP_API_KEY is required, which is appropriate for calling AMap APIs. No other credentials, tokens, or secrets are requested. As best practice, the API key should be scoped/restricted (map-only, restrict referrers or IPs) before use.
Persistence & Privilege
always is false and the skill does not request elevated or persistent system privileges. It does not modify other skills or system-wide settings. Default autonomous invocation is allowed (platform default) but not combined here with any broad credential access.
Scan Findings in Context
[pre_scan_injection] expected: Static pre-scan reported no injection signals. For a simple HTTP client script, absence of findings is expected.
Assessment
This skill appears to do what it claims: call AMap APIs for searches and routing. Before installing: 1) Confirm the skill owner and source (the _meta.json ownerId differs from the registry ownerId in the package metadata). 2) Only provide an AMAP_API_KEY that is limited to map services and use referrer/IP restrictions if possible. 3) Review the included amap_tool.py yourself or run it in an isolated environment if you have any doubt. 4) Ensure your environment has Python and the 'requests' package installed. If you need stricter controls, avoid granting a general-purpose or high-privilege API key.

Like a lobster shell, security has layers — review code before you run it.

latestvk9778hzyyczqr4m0gxy2br47bs832kr3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython
EnvAMAP_API_KEY

Comments