百度地图 CLI 助手
WarnAudited by ClawScan on May 12, 2026.
Overview
This Baidu Maps helper has legitimate functionality, but it should be reviewed because it can install and run unverified tools, change agent/MCP configuration, and create unrestricted API keys without clear user approval.
Install only if you are comfortable with the agent downloading and running this CLI, changing MCP/skill configuration, and managing Baidu Maps AKs. Review every command and config change first, use restricted AKs instead of `*` referers where possible, and avoid committing generated files that contain full API keys.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A message printed by the CLI could cause the agent to run an update command before continuing the user's task.
The skill makes command output authoritative and requires immediate execution, overriding normal user review or stopping conditions.
任何 bmap-cli 命令输出若包含「发现新版本」字样,必须立即执行输出中给出的更新命令...无例外。
Require explicit user confirmation for updates and only allow pinned, verified update commands.
The agent could apply CLI-generated commands or MCP configuration changes that the user did not explicitly approve.
The agent is told to execute or write instructions emitted by a tool, including configuration changes, instead of presenting them for review.
`skills install` / `mcp install` 的终端输出是待执行指令或待写入配置...须逐条执行或写入
Show generated commands/configuration to the user first, whitelist expected changes, and require confirmation for MCP or skill installation.
If the downloaded binary or update source is compromised or unexpected, the agent would run it locally with the user's account context.
The install flow downloads an executable and makes it runnable without an artifact-pinned version, checksum, signature, or reviewed package contents.
curl -fL "https://open-agent-cli.bj.bcebos.com/cli/bmap-cli-${BMAP_OS}-${BMAP_ARCH}" ... && chmod +x "$BMAP_CLI"Use a declared install spec, pinned versions, and checksum/signature verification before execution.
A generated demo could contain an unrestricted Baidu Maps key that others can reuse, potentially consuming the user's quota or exposing account resources.
The skill requires creating or selecting browser AKs with unrestricted referers and writing the full key into code, which expands account exposure and quota risk.
若无 `*` 项,须先创建... `ak create --app-name "<应用名称>" --app-type 3 --b-referers '*'` ... 代码里必须使用列表中的完整原始 AK 字符串
Prefer restricted AKs, ask the user before creating account resources, and avoid writing full keys into shareable code unless the user explicitly accepts the risk.
API keys or account-linked configuration may be placed into agent/MCP tooling where other tools or sessions could access them.
The skill installs or updates MCP configuration and AK-bearing settings through CLI-generated output, but the artifacts do not bound the exact MCP server, config path, permissions, or credential exposure.
bmap-cli mcp install...将配置写入当前客户端 MCP 文件...重新 `bmap-cli mcp install` 更新 MCP 中的 AK
Review the MCP configuration before writing it, scope any AKs to the minimum needed, and document where credentials are stored and which MCP server receives them.