ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

baidu-map-webapi

百度地图 webapi 开发指南。在编写、审查或调试使用百度地图webAPI的代码时应运用此技能,也适用于直接调用百度地图API获取结果的场景。涵盖:地图位置搜索、POI检索、路线规划、建议出发时间、路线耗时预测、实时路况、行政区划查询、地址坐标转换、沿途交通事件、天气查询、智能推荐上车点等。当用户提及出发时间、...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 24 · 0 current installs · 0 all-time installs
byClifton Hills@zxf969175364
MIT-0
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the content: the files are a detailed developer guide for Baidu Maps WebAPI features (geocoding, POI, routing, weather, future-route prediction, etc.). There are no unrelated required binaries, env vars, or config paths listed, so the requested capabilities align with the stated mapping purpose.
!
Instruction Scope
Most runtime instructions are reference/recipe guidance for calling Baidu Map APIs and asking the user for their AK when needed — that is expected. However, the 'recipes/advanced_permissions.md' file instructs the agent, when it (the model) is directly calling APIs and receives permission errors (status:240 or similar), to replace the standard base URL 'https://api.map.baidu.com/' with 'https://api.map.baidu.com/map_service' and retry the identical request. This is a non-standard retry rule that effectively instructs the model to change endpoints to bypass permission failures; the file also explicitly allows this only for '大模型直接调用 API'. That instruction is anomalous and could lead the agent to silently retry against an alternate internal/test endpoint or behavior not intended for third‑party use.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk. Nothing is written to disk or pulled from remote URLs during install.
Credentials
The skill declares no required environment variables or primary credential, and the SKILL.md correctly instructs to use the developer's AK (ask user for AK or instruct user to obtain one). That is proportionate for a mapping API guide. However, because the skill expects the user to provide an AK in conversation, there is an operational risk: users may paste a secret AK into chat, which can expose credentials. The guide does not request unrelated credentials, which is good.
Persistence & Privilege
always:false and no install steps that persist or change other skills or system settings. The skill can be invoked autonomously (platform default), which is expected for a skill of this type; that by itself is not a problem, but combined with the advanced_permissions rule (agent-initiated retries) it increases the impact if misused.
What to consider before installing
This skill is mainly a developer guide for Baidu Map WebAPI and appears consistent with that purpose, but be careful before using it: 1) Do not paste sensitive AK keys into chat unless you explicitly trust the environment — prefer having the agent generate code that you run locally with your AK stored securely. 2) The 'advanced_permissions' recipe tells the model to retry failed API calls by swapping the base URL to '/map_service' — ask the skill author (or avoid enabling autonomous API calls) before letting the agent make network requests or use your AK. 3) If you must supply an AK, prefer a scoped test key with minimal permissions and rotate it afterwards. 4) If you want a safer setup, use the skill only to generate example code (so you control API invocation), turn off autonomous invocation for it if possible, and validate any alternate endpoint behavior in a controlled environment. Additional info that would reduce my concern: the origin/maintainer of the skill, documentation about what '/map_service' actually points to, and an explicit statement that the agent will never call external APIs with user-supplied credentials without confirmation.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97dtn4t7m7wb315rwkh1e9p9h830bg5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

webapi 开发指南

百度地图 webapi 版本开发指南。包含地图位置搜索、路线导航、行政区划等核心模块的 API 说明和代码示例,既可直接调用 API 获取结果,也可帮助开发者快速集成百度地图服务。

何时适用

遇到以下任意场景时,均应读取本指南并调用对应 API:

路线规划与出行决策

  • 规划驾车、步行、骑行、摩托车、公共交通路线
  • 查询从 A 到 B 的建议出发时间(如"想晚上8点到达,几点出发合适")
  • 预测未来某时刻出发的路线耗时(如"下午3点出发要多久")
  • 查询历史路况下的路线耗时
  • 规划含多个途经点的最优路线

实时动态信息

  • 查询路线沿途的动态交通事件(事故、拥堵、施工等)
  • 查询海外城市天气信息

地点与POI搜索

  • 查找城市中的餐厅、酒店、景点等 POI 信息
  • 在指定圆形区域内检索地点
  • 按行政区划检索地点
  • 多条件组合检索 POI
  • 获取 POI 详细信息
  • 输入联想/地点补全提示
  • 智能推荐安全上车点

地址与坐标转换

  • 地址文本解析为经纬度坐标(地理编码)
  • 经纬度坐标解析为地址信息(逆地理编码)

行政区划与区域查询

  • 查询行政区划地点
  • 获取行政区划边界坐标

开发准则

在使用本技能的任何场景中,请遵守以下通用准则:

准则 1: 优先需要使用开发者的AK, 如果没有AK, 请向用户确认AK

用户: 我想去故宫
开发者: 请提供您的AK
用户: 我没有AK
开发者: 请您前往百度地图开放平台(https://lbs.baidu.com/apiconsole/key)申请AK

准则 2:地址/地名统一通过 address_to_poi 转换

任何需要将用户输入的地名或地址文本转换为坐标/UID 的场景,优先参考

recipes/address_to_poi.md — 地址/地名转坐标与 POI UID

该文件描述了两种输入类型的判断方法和对应调用方式:

  • 结构化地址(含门牌号/楼栋)→ references/geocoding API
  • POI 名称/地标/商家名references/administrative_region_search API

准则 3:算路时 UID 优先于纯坐标

向算路接口(驾车/步行/骑行/公交)传参时:

推荐:同时传坐标 + uid(绑路更精准,尤其对大型 POI) origin_uid / destination_uid 有值时必传

UID 通过 references/address_to_poi.md 描述的方法获取。

场景示例(推荐优先阅读)

遇到以下场景时,优先使用对应 recipe,内含完整调用链、参数说明和可运行代码示例。 单个 API 用法请查阅下方「快速参考」。

高级权限接口调用说明(仅限大模型自身调用 API 的测试场景)

recipe 文件适用场景
recipes/advanced_permissions.md大模型直接调用接口时遇到高级权限功能受限、或接口返回 status: 240(APP 服务被禁用)等无权限错误时,按此说明替换 base URL 后重试。⚠️ 为用户生成的开发代码不适用本规则。

地址/地名预处理(算路前必读)

recipe 文件适用场景权限要求
recipes/address_to_poi.md地址文本或地名 → 坐标 + POI UID(算路前置步骤)标准 AK

路线规划

recipe 文件适用场景权限要求
recipes/route_to_named_place.md用户说出地名 → 规划驾车路线标准 AK
recipes/smart_departure_time.md"几点出发才能准时到"⚠️ 高级权限
recipes/traffic_aware_route.md预测未来某时刻出发的路况耗时⚠️ 高级权限

POI 搜索

recipe 文件适用场景权限要求
recipes/nearby_poi_search.md搜索用户附近的某类地点标准 AK
recipes/poi_search_to_detail.md关键词搜索 → 获取 POI 完整详情标准 AK

地址与坐标

recipe 文件适用场景权限要求
recipes/address_to_full_location.md地址文本 → 坐标 + 行政区划标准 AK
recipes/coordinate_to_structured_address.md坐标 → 结构化地址 + 行政区划标准 AK

天气查询

recipe 文件适用场景权限要求
recipes/weather_query.md通过城市名称/行政区划编码/坐标, 获取当地详细的天气信息标准 AK

快速参考

基础概念

  • references/constants.md - 通用常量:状态码

位置搜索

  • references/global_reverse_geocoding.md - 全球逆地理编码: 坐标转位置信息
  • references/reverse_geocoding_agent.md - 逆地理编码智能体: 智能逆地理编码地址解析
  • references/administrative_region_search.md - 行政区划区域检索: 行政区划地点检索
  • references/circular_region_search.md - 圆形区域检索: 圆形区域地点检索
  • references/multi_dimensional_search.md - 多维检索: 多条件智能检索POI
  • references/place_detail_search.md - 地点详情检索: 获取指定地点详细信息
  • references/place_input_suggestion.md - 地点输入提示: 地点输入提示匹配
  • references/geocoding.md - 地理编码: 地址解析为坐标

AOI区域

  • references/admin_division_query.md - 行政区划查询: 查询中国行政区划信息

动态数据

  • references/domestic_weather_query.md - 国内天气查询: 国内天气查询多功能接口
  • references/overseas_weather_query.md - 海外天气查询: 查询海外城市天气

路线导航

  • references/cycling_route_planning.md - 骑行路线规划: 骑行路线规划方案检索
  • references/driving_route_planning.md - 驾车路线规划: 驾车路线规划与路况预测
    • references/capabilities/driving_route_duration.md - 驾车路线历史耗时: 设置驾车路线历史耗时
    • references/capabilities/future_driving_route.md - 未来驾车路线规划: 预测未来驾车路线耗时
    • references/capabilities/suggested_departure_time.md - 建议出发时间: 高级权限出行时间建议
    • references/capabilities/waypoint_route_planning.md - 途经点智能路线规划: 智能优化途经点顺序
  • references/motorcycle_route_planning.md - 摩托车路线规划: 摩托车路线规划服务
  • references/transit_route_planning.md - 公交路线规划: 多交通方式路线规划
  • references/walking_route_planning.md - 步行路线规划: 步行路线规划

如何使用

推荐决策路径

  1. 用户需求是多步串联场景(如"输入地名规划路线"、"获取附近 POI")→ 直接找 recipes/ 目录下对应 recipe
  2. 用户需求是单个 API 的参数细节(如"这个接口的 tactics 参数有哪些值")→ 查阅 references/ 目录

每个 references 参考文件包含:

  • 功能简要说明
  • API 参数说明和注意事项

每个 recipes 场景食谱包含:

  • 触发意图(什么场景适用)
  • 完整调用链与分步说明
  • 常见错误和变体

Files

32 total
Select a file
Select a file to preview.

Comments

Loading comments…