amap
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill coherently uses curl and an Amap API key to send user-requested map, weather, search, and routing queries to Amap, with no hidden code or deceptive behavior shown.
This skill appears safe to install for its stated purpose. Before using it, set a dedicated AMAP_KEY, avoid sharing the key, and remember that addresses, coordinates, route endpoints, and place searches you ask about will be sent to Amap's Web Service API.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill sends requests to Amap and may consume API quota or reveal the query content to that service.
The skill uses direct curl calls to Amap API endpoints. This is central to the stated purpose and the examples are scoped, but users should notice that invocations make external network requests.
curl "https://restapi.amap.com/v3/weather/weatherInfo?key=$AMAP_KEY&city=[城市adcode]&extensions=base"
Use it for intended map/weather/routing queries and review sensitive addresses or coordinates before sending them.
Anyone with access to the environment variable could use the user's Amap API key and quota.
The skill requires an Amap Web Service API key in an environment variable. This credential use is disclosed and purpose-aligned for calling Amap APIs.
你必须在高德开放平台申请一个 Web 服务 API Key,并将其设置为环境变量 `AMAP_KEY`。
Use a dedicated, least-privileged Amap key if possible, keep it out of logs and shared shells, and rotate it if exposed.
Location-related queries may disclose personal places, travel plans, or other sensitive location context to Amap.
The documented API calls send user-provided addresses, coordinates, keywords, or city data to the external Amap provider. This is expected for the skill's function, but it is a data boundary users should understand.
curl "https://restapi.amap.com/v3/geocode/geo?key=$AMAP_KEY&address=[地址]"
Avoid sending highly sensitive addresses or coordinates unless necessary, and review Amap's privacy and API terms for how query data is handled.