Amap Poi Fetch

Security checks across malware telemetry and agentic risk

Overview

The skill does what it says, but it publishes and uses a real AMap API key by default, so it should be reviewed before installation.

Review before installing. Prefer supplying your own AMap key with --key or AMAP_KEY, treat the bundled key as exposed, and expect generated POI data to remain in the OpenClaw workspace. Install openpyxl only in a trusted environment if Excel export is needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 91% confidence
Finding: The skill documents and enables environment access, filesystem reads/writes, and outbound network use, but declares no permissions or trust boundaries. This creates a transparency and governance gap: a caller may invoke a data-collecting skill without being informed that it can access credentials, write files under the workspace, and make external API requests.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The trigger phrases are broad enough that ordinary requests like '抓取POI' or '导出医美机构Excel' could activate the skill unintentionally. In context, unintended activation can cause unexpected network scraping, API-key usage, and local file generation, which is more than a simple UX issue because it can spend quota and collect/store data without clear user intent.

Missing User Warnings

Medium

Confidence: 98% confidence
Finding: The script embeds a default AMap API key directly in source code and silently uses it when no environment variable is provided. Hardcoded credentials are easily leaked through source distribution, logs, backups, or version control, enabling unauthorized third-party use, quota exhaustion, and possible billing or account abuse.

Ssd 3

Medium

Confidence: 99% confidence
Finding: The documentation exposes a concrete AMap API key in plaintext as the default credential. This is a direct secret disclosure that enables unauthorized third parties to consume API quota, incur billing or service disruption, and potentially attribute abusive traffic to the owner account.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal