ClawHub

tmap-test

Security checks across malware telemetry and agentic risk

Overview

This Tencent Maps skill is purpose-aligned, but users should treat map queries, route details, trajectory links, plate numbers, and API-key-bearing URLs as sensitive.

Install only if you are comfortable using Tencent Maps for these requests. Use a temporary, referrer/IP-restricted API key with quota limits, avoid sharing generated URLs, rotate the key after use, and do not submit sensitive home/work routes, private trajectory URLs, or plate numbers unless necessary.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill declares required environment variables and implies outbound API usage, but does not declare corresponding permissions. This creates a governance gap: the runtime may still enable network and secret access without clear review, making it easier for the skill to exfiltrate location queries or API credentials through undocumented behavior.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger conditions include very broad terms such as '搜', '找', '查', '附近', '周边', '路线', and '规划', which are common in ordinary conversations. Overbroad activation can cause the skill to capture unrelated user requests and send unnecessary location or search data to external Tencent services without clear user intent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill does not clearly warn that route planning, geocoding, POI search, and nearby search use external Tencent Web Service APIs and may transmit user-provided location data. Because the skill handles precise places, routes, and uploaded trajectory data, missing disclosure increases privacy risk and prevents informed consent for third-party data sharing.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill sends user-supplied location and routing data to Tencent Map external endpoints, but the call paths shown here do not provide any explicit notice, consent check, or data-minimization control at the point of transmission. In a location-services skill, this creates a real privacy risk because precise coordinates and movement intents can reveal sensitive personal behavior, even though the network destination is the expected service provider rather than an attacker-controlled host.

Missing User Warnings

High
Confidence
96% confidence
Finding
The driving route function conditionally includes a vehicle plate number in requests to an external Tencent Map API without any visible warning, masking, or consent mechanism. Plate numbers are sensitive identifiers that can be tied to an individual or vehicle, so transmitting them to a third party without clear disclosure increases privacy and compliance risk beyond ordinary route planning.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill repeatedly places a user-provided Tencent Maps API key directly into curl commands and generated URLs, which can expose the key through logs, browser history, referrers, screenshots, shared links, or downstream telemetry. Because the workflow asks the agent to echo the full URL back to the user, the secret is more likely to be leaked or reused unintentionally.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The document instructs users to supply a temporary Tencent Maps API key and demonstrates printing full structured results, including the `_raw` upstream API response, to the console without any guidance on redacting secrets or minimizing logged data. While the markdown itself does not expose a secret, this workflow increases the risk of credential mishandling and leakage of returned location/contact data through logs, terminals, or shared debugging output.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation describes route-planning features using precise origin and destination coordinates, but it does not clearly disclose that these user-supplied locations are transmitted to Tencent Map Web Service API. Location data is sensitive personal information, and lack of notice can cause inadvertent privacy exposure, especially when users assume processing is local or only within the agent environment.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly instructs returning a user-facing travel-planning URL that embeds the user's Tencent Maps API key in the query string. Query-string credentials are easily exposed through chat transcripts, browser history, logs, screenshots, link sharing, and downstream referrer leakage, so this creates a real credential-disclosure risk even if the key is described as temporary.

VirusTotal

55/55 vendors flagged this skill as clean.

View on VirusTotal