Tencent Maps

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Tencent Maps connector that runs read-oriented map, route, geocoding, and weather actions through the OOMOL `oo` CLI.

Install this only if you intend to let the agent send Tencent Maps queries through OOMOL using your connected Tencent Maps account. Review the `oo` CLI install/login flow before first use, be aware that location and routing queries go to the connector/Tencent Maps and may consume credits, and require explicit confirmation before using any future state-changing Tencent Maps action.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The skill description says to use this skill for ANY Tencent Maps request and instead of calling the API directly, which is overly broad routing guidance. This can cause the agent to invoke the skill in situations where a narrower, safer, or more appropriate tool should be used, increasing the chance of unintended command execution or unnecessary exposure to connector-mediated actions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal