amap
Analysis
This instruction-only skill coherently uses curl and an Amap API key to send user-requested map, weather, search, and routing queries to Amap, with no hidden code or deceptive behavior shown.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.
curl "https://restapi.amap.com/v3/weather/weatherInfo?key=$AMAP_KEY&city=[城市adcode]&extensions=base"
The skill uses direct curl calls to Amap API endpoints. This is central to the stated purpose and the examples are scoped, but users should notice that invocations make external network requests.
Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.
你必须在高德开放平台申请一个 Web 服务 API Key,并将其设置为环境变量 `AMAP_KEY`。
The skill requires an Amap Web Service API key in an environment variable. This credential use is disclosed and purpose-aligned for calling Amap APIs.
Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.
curl "https://restapi.amap.com/v3/geocode/geo?key=$AMAP_KEY&address=[地址]"
The documented API calls send user-provided addresses, coordinates, keywords, or city data to the external Amap provider. This is expected for the skill's function, but it is a data boundary users should understand.