Call Baidu Maps API functions
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malformed or adversarial search term/address could cause an unintended command or request if copied into the shell without proper escaping.
The skill instructs curl calls with user-supplied values placed into shell command URLs. This is normal for a map API helper, but unsafe raw substitution could break requests or allow shell metacharacters if not encoded and quoted safely.
# Replace [关键词] (keyword) and [城市] (city) with the actual values
curl "https://api.map.baidu.com/place/v2/search?query=[关键词]&region=[城市]&output=json&ak=$BAIDU_MAP_AK"
URL-encode all request parameters and use safe argument construction, such as curl --get with --data-urlencode, instead of raw string substitution.
API calls may consume the user's Baidu Maps quota and are attributable to the configured key.
The skill requires a Baidu Maps Access Key and uses it for API calls. This is expected and disclosed, but the key is tied to the user's Baidu Maps account and quota.
You must register an application on the Baidu Maps Open Platform and obtain an Access Key (AK), then set it as the environment variable `BAIDU_MAP_AK`
Use a restricted Baidu Maps AK where possible, monitor usage, and rotate the key if it is exposed.
Baidu may receive location-related queries such as addresses, routes, coordinates, or IP-derived location lookups.
The skill sends user-provided addresses, coordinates, route endpoints, or IP lookup values to Baidu's external API. This is core to the skill's purpose, but the data can be location-sensitive.
curl "https://api.map.baidu.com/geocoding/v3/?address=[地址]&output=json&ak=$BAIDU_MAP_AK"
Only use the skill for location data you are comfortable sending to Baidu, and review Baidu Maps platform privacy and retention terms if needed.
