Call Baidu Map API functions

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: baidu-map-api
Version: 1.0.0

The skill bundle is designed to interact with the Baidu Map Web Service API. It uses `curl` to make HTTP requests to legitimate Baidu API endpoints (e.g., `https://api.map.baidu.com/`), authenticating with an Access Key (`BAIDU_MAP_AK`) read from an environment variable. All instructions in `SKILL.md` and `README.md` are directly related to the stated purpose of providing map services. There is no evidence of intentional harmful behavior such as data exfiltration to unauthorized endpoints, malicious execution, persistence mechanisms, or prompt injection instructions against the agent to perform actions outside the skill's stated purpose. The use of `curl` and an API key is expected for this type of functionality.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A malformed or adversarial search term/address could cause an unintended command or request if copied into the shell without proper escaping.

Why it was flagged

The skill instructs curl calls with user-supplied values placed into shell command URLs. This is normal for a map API helper, but unsafe raw substitution could break requests or allow shell metacharacters if not encoded and quoted safely.

Skill content

# Replace [关键词] (keyword) and [城市] (city) with the actual values
curl "https://api.map.baidu.com/place/v2/search?query=[关键词]&region=[城市]&output=json&ak=$BAIDU_MAP_AK"

Recommendation

URL-encode all request parameters and use safe argument construction, such as curl --get with --data-urlencode, instead of raw string substitution.

What this means

API calls may consume the user's Baidu Maps quota and are attributable to the configured key.

Why it was flagged

The skill requires a Baidu Maps Access Key and uses it for API calls. This is expected and disclosed, but the key is tied to the user's Baidu Maps account and quota.

Skill content

You must apply for an application on the Baidu Maps Open Platform and obtain an Access Key (AK), then set it as the environment variable `BAIDU_MAP_AK`

Recommendation

Use a restricted Baidu Maps AK where possible, monitor usage, and rotate the key if it is exposed.

What this means

Baidu may receive location-related queries such as addresses, routes, coordinates, or IP-derived location lookups.

Why it was flagged

The skill sends user-provided addresses, coordinates, route endpoints, or IP lookup values to Baidu's external API. This is core to the skill's purpose, but the data can be location-sensitive.

Skill content

curl "https://api.map.baidu.com/geocoding/v3/?address=[地址]&output=json&ak=$BAIDU_MAP_AK"

Recommendation

Only use the skill for location data you are comfortable sending to Baidu, and review Baidu Maps platform privacy and retention terms if needed.