腾讯地图api调用技能
PassAudited by ClawScan on May 1, 2026.
Overview
This is a mostly coherent Tencent Maps API helper that uses an expected API key and network calls, with only minor review notes about external location-data sharing, URL parameter handling, and a documented route feature that is not implemented.
Before installing, make sure you are comfortable providing a Tencent Maps API key and sending queried addresses or coordinates to Tencent Maps. Use a restricted key if possible, watch quota usage, and be aware that the documented route command does not appear to be implemented in the included script.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Normal map searches should work, but unusual characters in addresses or keywords could change the API request unexpectedly or fail.
The script directly places user-controlled arguments into a URL and calls curl. The curl call is purpose-aligned and quoted, but lack of URL encoding can cause malformed requests or parameter confusion for special characters.
URL="${BASE_URL}/place/v1/search?boundary=region(${REGION},0)&keyword=${KEYWORD}&page_index=${PAGE_INDEX}&page_size=${PAGE_SIZE}&key=${API_KEY}&output=json"
RESPONSE=$(curl -s "$URL")Use normal map-search inputs, and maintainers should URL-encode query parameters before constructing curl URLs.
Requests made through this skill may consume your Tencent Maps API quota and are associated with your API key.
The skill reads a Tencent Maps API key from the environment and uses it for API requests. This is declared and expected for a Tencent Maps integration, but it grants use of the user's Tencent Maps quota and account configuration.
API_KEY="$TENCENT_MAP_KEY"
Use a restricted Tencent Maps key where possible, monitor usage, and avoid sharing the key in logs or prompts.
Personal addresses, coordinates, or search locations entered through the skill will be sent to Tencent Maps.
Coordinates, addresses, regions, and search keywords are sent to the Tencent Maps API endpoint. This is disclosed and central to the skill, but location/address data can be sensitive.
BASE_URL="https://apis.map.qq.com/ws"
URL="${BASE_URL}/geocoder/v1/?location=${LAT},${LNG}&key=${API_KEY}&output=json"Avoid submitting highly sensitive personal locations unless you are comfortable with Tencent Maps receiving those queries under your API key.
If you ask for route planning, the skill may fail or report the operation as unsupported.
The documentation advertises a route command, but the provided script implements search, reverse_geocode, geocode, and around branches only. This is a functionality mismatch rather than evidence of malicious behavior.
### 4. 路线规划 (route)
计算两点间的路线信息
```bash
bash {baseDir}/scripts/tencent_map.sh route "起点地址" "终点地址" "driving|walking|transit"
```Treat route planning as unavailable until the maintainer adds a route implementation or updates the documentation.