Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- scripts/amap-proxy.js:25
Security audit
Security checks across malware telemetry and agentic risk
The skill mostly matches its travel-map purpose, but its local Amap proxy can execute shell commands from untrusted HTTP query input and should be reviewed or fixed before use.
Review or patch scripts/amap-proxy.js before installing or running this skill. If you proceed, run local servers only when needed, stop them afterward, install dependencies from trusted sources, and avoid using sensitive travel images or private itinerary details unless you are comfortable sharing them with the external services involved.
65/65 vendors flagged this skill as clean.
Detected: suspicious.dangerous_exec