Baidu Map Android SDK(百度地图官方安卓 SKills)
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent documentation-only Baidu Maps Android SDK guide, but users should verify its official provenance and handle SDK keys, dependencies, and location data carefully.
This skill appears safe as documentation-only guidance. Before using it, verify the instructions against Baidu’s official docs, pin dependency versions, protect and restrict your Baidu AK, and make sure any app built from the guidance clearly asks for privacy consent before using or sharing location data.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user might assume the guide is officially maintained when the provided provenance does not prove that.
The display name suggests official status, but the registry metadata does not provide an official source or homepage.
Name: Baidu Map Android SDK(百度地图官方安卓 SKills) ... Source: unknown ... Homepage: none
Verify guidance against Baidu’s official documentation before relying on version numbers, privacy wording, or SDK setup details.
Using floating dependency versions may pull different SDK code over time.
The guide allows dynamic Gradle dependency versions, which can make builds less reproducible even though this is user-directed and purpose-aligned.
不写版本号可改为 `+` 或具体版本号
Prefer pinned SDK and Gradle versions, use official repositories, and verify checksums when replacing wrapper files.
The app you build from this guidance may access user location and rely on a Baidu account key.
The generated Android app is expected to use a Baidu API key and request location permissions for map/location features.
<meta-data android:name="com.baidu.lbsapi.API_KEY" android:value="您的AK" /> ... ACCESS_FINE_LOCATION ... ACCESS_COARSE_LOCATION
Restrict the AK by package name/SHA1, enable only needed services, avoid committing secrets, and request location permissions only when needed.
Location, route, POI, or search data may be sent to Baidu services or opened in the Baidu Maps app/web flow.
The guide describes sending location data to Baidu SDK services to create share URLs or invoke external Baidu Map flows, which is expected for this SDK but sensitive.
requestLocationShareUrl(new LocationShareURLOption().location(latLng).name(...).snippet(...)) ... getUrl() 得短链
Disclose these data flows in the app privacy notice, gate them on user consent, and avoid sharing sensitive locations unless the user explicitly requests it.