ClawHub

Map Agent - Android LLM Agent SDK(高德官方 AI Agent Skill)

Security checks across malware telemetry and agentic risk

Overview

This is a coherent AMap Android SDK guide, but it gives code patterns for precise location sharing, app control, and telemetry without enough consent and safety guidance.

Review before installing or using this skill to generate production code. Verify the publisher and SDK coordinates with official AMap sources, add Android runtime permission checks and explicit in-app consent before starting location updates, limit high-accuracy updates to active navigation or user-requested map tasks, require confirmation before changing navigation or authentication state, and avoid logging prompts, routes, POIs, session IDs, or location details unless users have been clearly informed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are broad enough to match ordinary Android/AI integration requests, which can cause the skill to activate in contexts the user did not specifically intend. Because this skill covers navigation, app linking, and location-related capabilities, overbroad invocation increases the chance of unintended guidance that touches sensitive device interactions or user data flows.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The description omits a clear warning that the skill involves location data, navigation actions, and communication with the AMap app, all of which may affect user privacy and trigger external app behavior. In a skill that teaches SDK integration, failing to surface these behaviors can mislead users and developers about consent, data handling, and system-level effects.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The document explicitly describes using LinkClient for data synchronization and remote control of the AMap app, but it does not mention consent, privacy boundaries, or the sensitivity of navigation/taxi/account-related data. In an Android SDK guide for natural-language map control, omission of these warnings can lead developers to implement cross-app control and data sharing without adequate user notice, authorization checks, or compliance review.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documented commands can alter active navigation state, switch routes, trigger authentication, and interact with an external app, yet the guide provides no warning that these actions may materially affect user travel, safety, or account state. In a voice/LLM-driven agent context, undocumented safety constraints increase the risk that developers expose powerful actions without confirmation prompts, user awareness, or misuse protections.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation explicitly recommends enabling multi-path sending and performance tracking without any notice about what data may be collected, transmitted, or retained, and without mentioning consent or platform privacy obligations. In a navigation/LLM/map SDK context, telemetry can include sensitive behavioral or location-adjacent data, so normalizing this feature without safeguards creates a meaningful privacy risk.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation instructs developers to collect continuous high-precision location updates every 1000ms and forward them to the Agent SDK, but it does not pair this with a clear user-facing consent flow, runtime permission guidance, retention/sharing disclosure, or privacy-minimizing defaults. In a navigation/LLM-agent context, this can lead integrators to deploy background-like continuous location sharing without adequately informing users, increasing privacy and regulatory risk.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal