Back to skill
Skillv1.0.2
ClawScan security
Baidu Map Android SDK(百度地图官方安卓 SKills) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 7, 2026, 4:08 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only documentation skill for integrating the Baidu Map Android SDK; it does not request credentials, install code, or perform unexpected actions and appears consistent with its stated purpose.
- Guidance
- This skill is a collection of local documentation and examples for integrating Baidu Map Android SDK — it does not itself perform network calls or request secrets. Before using the generated code in a real app: (1) do not paste real AKs or private keys into public places; (2) follow the docs' privacy-requirement: call the privacy API before SDK initialize and obtain user consent as needed; (3) verify Gradle dependency versions and get the SDK from official sources (Maven Central or the vendor) rather than untrusted mirrors; (4) ensure your package name and SHA1 match the AK configuration in Baidu's console; (5) when the agent generates code that runs on your environment, review it manually (especially manifest entries, permissions, services, and any suggested keystore commands).
Review Dimensions
- Purpose & Capability
- okThe name and description match the provided files: comprehensive integration and implementation guidance for Baidu Map Android SDK. The skill requests no environment variables, binaries, or installs, which is appropriate for a documentation-only skill.
- Instruction Scope
- okSKILL.md and the referenced documents limit actions to providing integration guidance, API usage, lifecycle rules, Gradle configuration, and privacy/AK handling. There are no instructions to read unrelated system files, access credentials, call arbitrary endpoints, or exfiltrate data. References to commands (e.g., keytool) are explanatory for developers, not runtime agent actions.
- Install Mechanism
- okNo install spec and no code files to execute. Instruction-only skills are lowest-risk in install mechanism; nothing is downloaded or written to disk by the skill itself.
- Credentials
- okThe skill declares no required environment variables, no primary credential, and no config paths. The documentation explains how developers should supply an AK in their AndroidManifest or code, which is expected and proportionate to the skill's purpose.
- Persistence & Privilege
- okSkill does not request persistent 'always' inclusion or system privileges. It is user-invocable and does not instruct modifying other skills or global agent settings.