Skill v1.1.0

ClawScan security

LovTrip China Map (Amap) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 8, 2026, 5:29 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill appears to do what it claims (call Amap REST APIs), but its metadata does not declare the runtime requirements the instructions and script depend on (an AMAP_API_KEY environment variable and the curl and python3 binaries), and the instructions recommend fetching and executing remote code at runtime via npx. These are coherence and install-safety concerns you should review before installing.
Guidance
This skill's code and instructions match the described Amap functionality, but there are two practical red flags. (1) SKILL.md expects you to provide AMAP_API_KEY and to start an MCP server with 'npx lovtrip@latest mcp', yet the skill metadata declares no required environment variables or binaries; verify that you will supply the API key and that curl and python3 are available. (2) The recommended MCP invocation downloads and runs a remote npm package at runtime, which is a supply-chain risk: whatever version the 'latest' tag points to when you run it is what executes, inside the same environment that holds your key. Before installing: verify that the lovtrip package and MCP server come from a trusted source (inspect the npm package and its repository), pin an exact version you have reviewed instead of '@latest', prefer the local scripts/amap.sh fallback if you do not trust the remote package, limit the AMAP_API_KEY scope and rotate the key after use, and make sure the MCP endpoint will not forward your API key to unknown third parties. If you need higher assurance, ask the publisher for a homepage/repo and a signed release, or provide your own vetted MCP implementation.

Review Dimensions

Purpose & Capability
note: Functionality (geocoding, POI search, routing, link generation) aligns with the description, and the included fallback script uses the official Amap REST endpoints. However, the skill metadata declares no required environment variables or binaries while the runtime clearly requires an AMAP_API_KEY and command-line tools (curl, python3). That omission is an inconsistency between what is declared and what actually runs.
Instruction Scope
ok: SKILL.md stays on-topic: it directs the agent to use an MCP server (lovtrip MCP) or the provided scripts/amap.sh to call Amap APIs. It does not instruct reading arbitrary system files or exfiltrating unrelated data. One operational caveat: the MCP example runs 'npx -y lovtrip@latest mcp', which downloads and runs remote package code at runtime without a confirmation prompt, so what actually executes extends beyond the local script.
Install Mechanism
concern: There is no formal install spec, but SKILL.md recommends invoking an MCP via 'npx lovtrip@latest mcp', which pulls code from npm at runtime. Unvetted remote code could therefore execute whenever the MCP is used, and because the version is not pinned, a later publish to the package (legitimate or not) changes what runs without any change to the skill itself. The fallback script is local and benign-looking (it uses curl and python3 to call restapi.amap.com), but the npx path increases supply-chain risk.
Credentials
concern: Runtime requires a single API key (AMAP_API_KEY), which is proportionate to the stated purpose, but the skill metadata does not declare it. The script also implicitly requires curl and python3, which are not listed as required binaries. The user should be aware of this gap between declared and actual requirements.
Persistence & Privilege
ok: The skill does not request persistent/always presence, does not modify other skills, and is user-invocable only. There is no evidence that it requests elevated privileges or makes persistent system changes.
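The Install Mechanism and Credentials findings above are mechanical checks: does the skill's instruction text run an unpinned package through npx, and does the metadata declare the environment variables and binaries that the scripts actually use? The following script is an added example of how a reviewer could automate those two checks before installing. It is not ClawHub's scanner or any code from the LovTrip skill. The SKILL.md text, the amap.sh fragment and the metadata dictionary are constructed to match what this report says about the skill (the 'npx -y lovtrip@latest mcp' command, the AMAP_API_KEY requirement, the curl/python3 calls to restapi.amap.com, and the empty declarations); the pinned version '1.2.3' in the hardened variant is a placeholder, not a real lovtrip release.

```python
"""Coherence and install-safety checks of the kind a skill reviewer would run.

Added example, not the ClawHub scanner.  Inputs are constructed to mirror the
report's description of the LovTrip skill; they are not the published files.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str   # "concern" or "note", mirroring the report's labels
    dimension: str  # review dimension the finding belongs to
    message: str


# --- constructed sample inputs (not the real SKILL.md / scripts/amap.sh / metadata) ---
SKILL_MD = (
    "# LovTrip China Map (Amap)\n"
    "Preferred: start the MCP server with `npx -y lovtrip@latest mcp`.\n"
    "Fallback: run scripts/amap.sh; it needs AMAP_API_KEY in the environment.\n"
)
AMAP_SH = (
    "#!/bin/sh\n"
    ': "${AMAP_API_KEY:?AMAP_API_KEY is required}"\n'
    'curl -s "https://restapi.amap.com/v3/geocode/geo?key=$AMAP_API_KEY&address=$1" '
    "| python3 -m json.tool\n"
)
METADATA = {"name": "lovtrip-china-map", "version": "1.1.0",
            "requires": {"env": [], "bins": []}}   # declares nothing, as the report notes

# Hardened variant: exact version pin (1.2.3 is a placeholder) and full declarations.
HARDENED_MD = SKILL_MD.replace("npx -y lovtrip@latest mcp", "npx lovtrip@1.2.3 mcp")
HARDENED_META = {**METADATA,
                 "requires": {"env": ["AMAP_API_KEY"], "bins": ["curl", "python3"]}}

NPX_RE = re.compile(
    r"\bnpx\s+(?P<flags>(?:-[\w-]+\s+)*)"   # leading flags such as "-y "
    r"(?P<pkg>(?:@[\w.-]+/)?[\w.-]+)"       # optional @scope/ plus package name
    r"(?:@(?P<ver>[^\s`'\"]+))?"            # optional version spec after the second "@"
)
EXACT_VER_RE = re.compile(r"\d+\.\d+\.\d+(?:[-+][\w.]+)?")   # 1.2.3 or 1.2.3-beta.1
SHELL_ENV_RE = re.compile(r"\$\{?([A-Z][A-Z0-9_]*)")         # $NAME or ${NAME...}
SECRET_NAME_RE = re.compile(r"\b([A-Z][A-Z0-9_]*_(?:KEY|TOKEN|SECRET|PASSWORD))\b")
KNOWN_BINS = {"curl", "wget", "python3", "python", "node", "jq", "openssl"}


def check_npx(skill_md: str) -> list[Finding]:
    """Flag npx invocations that fetch unpinned code or skip the install prompt."""
    findings = []
    for m in NPX_RE.finditer(skill_md):
        pkg, ver = m.group("pkg"), m.group("ver")
        flags = m.group("flags").split()
        if ver is None or not EXACT_VER_RE.fullmatch(ver):
            findings.append(Finding(
                "concern", "Install Mechanism",
                f"npx fetches '{pkg}@{ver or 'latest'}' at runtime: pin an exact version "
                "and inspect that tarball (npm pack / npm view <pkg>@<ver> dist.integrity) first"))
        if "-y" in flags or "--yes" in flags:
            findings.append(Finding(
                "note", "Install Mechanism",
                f"'-y' suppresses npx's install prompt for '{pkg}', so the download runs unattended"))
    return findings


def referenced_env(skill_md: str, script: str) -> set[str]:
    """Env vars the runtime needs: shell expansions in the script plus
    secret-looking names the instructions tell the user to provide."""
    return set(SHELL_ENV_RE.findall(script)) | set(SECRET_NAME_RE.findall(skill_md))


def used_bins(script: str) -> set[str]:
    """Well-known command names that appear in the script (URL parts are not in the list)."""
    return set(re.findall(r"[A-Za-z][\w.+-]*", script)) & KNOWN_BINS


def check_declarations(metadata: dict, env_used: set[str], bins_used: set[str]) -> list[Finding]:
    """Compare what the scripts use against what the metadata declares."""
    req = metadata.get("requires", {})
    findings = []
    missing_env = sorted(env_used - set(req.get("env", [])))
    if missing_env:
        findings.append(Finding("concern", "Credentials",
                                f"runtime reads {', '.join(missing_env)} but metadata declares no required env vars"))
    missing_bins = sorted(bins_used - set(req.get("bins", [])))
    if missing_bins:
        findings.append(Finding("note", "Purpose & Capability",
                                f"scripts call {', '.join(missing_bins)} but metadata declares no required binaries"))
    return findings


def review(skill_md: str, script: str, metadata: dict) -> list[Finding]:
    findings = check_npx(skill_md)
    findings += check_declarations(metadata, referenced_env(skill_md, script), used_bins(script))
    return findings


def verdict(findings: list[Finding]) -> str:
    return "suspicious" if any(f.severity == "concern" for f in findings) else "ok"


if __name__ == "__main__":
    for label, md, meta in (("as published", SKILL_MD, METADATA),
                            ("hardened", HARDENED_MD, HARDENED_META)):
        fs = review(md, AMAP_SH, meta)
        print(f"{label}: {verdict(fs)}")
        for f in fs:
            print(f"  [{f.severity}] {f.dimension}: {f.message}")
```

Run as-is, the constructed inputs reproduce the report's shape: one Install Mechanism concern for 'lovtrip@latest', a note for the '-y' flag, a Credentials concern for the undeclared AMAP_API_KEY and a Purpose & Capability note for curl and python3, so the verdict is "suspicious". The hardened variant, with an exact version pin and the env var and binaries declared, produces no findings. The check only proves coherence; it does not tell you whether the pinned lovtrip tarball is safe, which still requires reading the package and its repository as the guidance above recommends.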