Back to skill
Skillv1.0.0
VirusTotal security
Amap Poi Fetch · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 22, 2026, 1:36 PM
- Hash
- 294c051a77961e7caccfad5ac108577d5b244700c5dc8403815e2a1358fa1d85
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: amap-poi-fetch Version: 1.0.0 The skill is designed to fetch POI data from the Amap (高德地图) API and export it to Excel. The primary security concern is the inclusion of a hardcoded API key (0c166a2bf61c1e4e6c96e3b645233e54) in scripts/poi_fetch.py, which is a credential exposure vulnerability. While the script's network requests to restapi.amap.com and file operations in the workspace directory are aligned with its stated purpose, the hardcoded secret is a security flaw that could lead to unauthorized use or quota exhaustion.
- External report
- View on VirusTotal