Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Baidu Map iOS SDK (official Baidu Map iOS Skills)

v1.0.1

Integration and development conventions for the Baidu Map iOS SDK and BMKLocationKit. Covers maps, positioning, walking and cycling navigation, search, routes, annotations and overlays, and produces professional map solutions. Lets you quickly use the capabilities and data of the Baidu Map SDK to build feature-rich, highly interactive professional map applications.

by baidu-maps@lbs-bmap
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description, the provided reference docs, and the declared requirements align: this is an instruction-only integration/implementation guide for Baidu Map iOS SDK and related kits. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
The SKILL.md explicitly requires the agent to run an automated build (xcodebuild) against the user's workspace/scheme and to "immediately fix" compile errors and re-run builds repeatedly until BUILD SUCCEEDED. That gives the agent broad, open-ended permission to modify the user's project files, code, and build settings until the build passes. While fixing integration compile errors is within the skill's stated purpose, the instruction is open-ended (no limits on what files may be changed, no explicit approval step) and could lead to unexpected or extensive changes outside the minimal integration scope.
Install Mechanism
No install spec or external downloads — instruction-only. This is lower risk because nothing is automatically written to disk by the skill itself beyond whatever the agent edits in the user's project (which is expected for integration assistance).
Credentials
The skill requests no environment variables, credentials, or config paths. It instructs the agent to prompt the developer to obtain an AK from Baidu LBS console and to ensure the app's Bundle Identifier matches — that is appropriate and proportional to the stated purpose.
Persistence & Privilege
always:false and no persistent installs. The skill permits autonomous invocation (default), which is normal for skills. The main risk arises from combining autonomous invocation with the build-and-fix loop in the instructions: an autonomously-invoked agent could repeatedly modify the project without explicit human approval unless the platform or user restricts autonomy.
Scan Findings in Context
[no_code_files_regex_scan] expected: The repository is instruction-only (SKILL.md + many reference docs) so the regex pre-scan had nothing to analyze; absence of matches is expected and not evidence of safety.
What to consider before installing
This skill is a detailed, coherent Baidu Maps iOS integration guide and appears to contain legitimate guidance for integrating BaiduMapKit/BMKLocationKit/BaiduWalkNaviKit. However, the runtime instructions require the agent to run xcodebuild and to automatically edit and recompile the user's Xcode project until the build succeeds. Before installing or enabling this skill, consider:

- Do you trust the agent to make code changes automatically? The skill gives the agent open-ended permission to modify project files and build settings to achieve a successful build.
- If you proceed, work on a copy/branch of your project and enable version control so you can review and revert changes.
- Prefer running the build-and-fix loop yourself, or require the agent to present proposed code patches for explicit human approval before applying them.
- Keep backups and run the skill in an isolated environment (CI sandbox or disposable clone) first.
- The skill does not request secrets; still, avoid pasting sensitive credentials into chat. The agent will prompt you to obtain and configure the Baidu AK and Bundle Identifier; configure those locally and intentionally.

If you want lower-risk use: ask the agent to only generate patch suggestions (diffs) and not to apply them or execute builds automatically.
