tmap-lbs-service

Security checks across malware telemetry and agentic risk

Overview

This Tencent Maps skill is coherent, but it needs review because it can put API keys and precise location or trajectory data into third-party requests and shareable links.

Install only if you are comfortable sending map searches, addresses, precise coordinates, route preferences, optional plate numbers, and trajectory data links to Tencent services. Use a temporary, referrer-restricted, quota-limited Tencent Maps key; avoid sharing generated links; rotate any key that appears in chat, logs, or browser history; and do not use private, signed, or sensitive GPS data URLs with the trajectory feature.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (13)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill declares required environment configuration and clearly intends to call external Web service APIs, but it does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: the runtime may still access secrets and the network without users or platform reviewers seeing an explicit permission contract, increasing the chance of unintended data exfiltration or over-privileged execution.

Context-Inappropriate Capability

Low
Confidence
84% confidence
Finding
The skill exposes a setter that writes arbitrary values into process.env.TMAP_LBS_CONFIG at runtime, giving the module configuration-mutating capability beyond its core map-query purpose. While it is limited to a single expected variable and not obviously malicious, mutating process-wide environment state can enable unexpected cross-component effects, persistence of sensitive configuration in memory, and misuse by other code paths that import this module.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger keywords are very broad, including generic verbs like 搜, 找, 查 and common location terms such as 附近 and 周边. This can cause the skill to activate on ordinary conversation and route user queries containing sensitive location intent or personal travel context to an external mapping service without sufficiently specific user intent.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The activation section describes scenarios in broad, overlapping terms and lacks clear constraints for when the skill should not run. Ambiguous activation logic raises the risk of accidental invocation, causing user-provided locations, routes, or travel plans to be processed externally when the user did not clearly request Tencent Maps functionality.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill handles trajectory data, nearby searches, route planning, and API calls based on user-provided locations, but it does not provide a clear privacy notice or explicit warning that sensitive location data may be sent to external Tencent services. Location history and trajectory data are highly sensitive, so silent transmission materially increases privacy and compliance risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The routing and place-search functions send user-supplied coordinates, destinations, city names, waypoints, and even plate_number values to Tencent's external API, but the code provides no user-facing notice, consent flow, or data-minimization guardrails. In a location service skill this data transfer is functionally necessary, but the undisclosed transmission of precise movement and location data to a third party creates a real privacy risk.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The scene description says the flow is for direct keyword search, but it does not define clear guardrails for when this scene should or should not be selected. In an agent setting, overly broad routing can cause the skill to activate on ambiguous user inputs and generate map links for requests that should instead require clarification, more precise location context, or a different tool path.

Natural-Language Policy Violations

Medium
Confidence
80% confidence
Finding
The skill content is written entirely in Chinese and the reply template mandates Chinese output without indicating that language should follow user preference. In a multi-lingual agent, this can cause incorrect or exclusionary behavior, reduce user comprehension, and increase the chance that users click links they do not fully understand.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill explicitly asks the user for a Tencent Maps API key and instructs embedding that key directly into request URLs and returned links. Putting secrets in URLs increases the chance of exposure through logs, browser history, referrer headers, screenshots, and link sharing, which can lead to unauthorized API usage and quota or billing abuse.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The document explicitly instructs users to provide a temporary API key and shows returning `_raw` API responses, but gives no warning about secret handling, data minimization, or privacy implications. In a location-services skill, raw responses may contain precise location data, contact details, and other metadata that can be unnecessarily logged, exposed, or reused if consumers follow the examples directly.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation explicitly describes sending route-planning data to Tencent Map Web Service but does not warn that sensitive user data such as origin, destination, waypoints, departure time, and especially plate_number will be transmitted to a third party. In a location-services skill, this omission can mislead users and integrators about privacy exposure, increasing the risk of unintended sharing of movement patterns or regulated personal data.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly instructs embedding a user-provided Tencent Maps API key directly into a generated travel-planning URL. Putting secrets in query parameters exposes them through browser history, logs, referrer headers, screenshots, and shared links, which can lead to unauthorized API use and quota or billing abuse.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs the agent to accept an arbitrary external JSON URL and embed it into a generated map link without any privacy, trust-boundary, or domain-safety guidance. This can expose sensitive location-history data in shareable links, and may cause users to load attacker-controlled or private data sources through a third-party map page, increasing privacy leakage and unintended disclosure risks.

VirusTotal

59/59 vendors flagged this skill as clean.
