Security audit

Amap Settle Guide

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its rental-map purpose, but it tells the agent to copy map-related environment values into user-visible HTML, which can expose credentials.

Review this before installing. Use only intentionally public, domain-restricted AMap browser keys with this skill, do not provide sensitive server-side secrets as AMAP_JSAPI_KEY or AMAP_SECURITY_JS_CODE, and rotate any key that has already been embedded in generated HTML.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Context-Inappropriate Capability

Medium

Confidence: 98% confidence
Finding: The skill instructs the agent to read additional environment secrets and inject them directly into generated HTML output. That turns confidential credentials into user-visible content or distributable files, creating a straightforward secret-exfiltration path even if those variables were not declared as required metadata.

Ssd 3

High

Confidence: 99% confidence
Finding: This is a true secret-disclosure issue: the skill explicitly directs the agent to extract environment secrets and place them into the HTML it returns. In this context, the danger is heightened because the output is intended for end-user delivery, so credentials can be leaked immediately to the requester and then reused outside the system.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.