ClawHub
Back to skill

Security audit

tencentmap-miniprogram-skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Tencent Maps WeChat Mini Program development skill, but users should handle map API keys and location data carefully.

Install this skill only if you are building Tencent Maps features for WeChat Mini Programs. Treat TMAP_MINIPROGRAM_KEY and any SK/signing secret as credentials, avoid embedding signing secrets in client code, and make sure any app built from these examples clearly explains location collection, third-party Tencent processing, retention, and how users can disable ongoing or background location access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (13)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill instructs the agent to inspect an environment variable for a Tencent Map key before doing anything else, even though this is a guidance-oriented skill. Accessing secrets from the environment without a task-specific need broadens secret exposure and normalizes credential handling in a context where the user may only want documentation or code examples.

Intent-Code Divergence

Medium
Confidence
84% confidence
Finding
The skill creates a contradictory control flow: it forbids analysis, file reads, planning, and code writing before key selection, then later directs the agent to read local references and analyze requirements as normal. Such conflicting instructions can be used to manipulate agent behavior, causing premature secret checks or unnecessary gating before harmless offline assistance.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill metadata defines a mandatory control flow: first check for a formal key, and if none exists, immediately present key options and stop before any analysis, file reading, planning, or code generation. This document instead jumps straight into implementation, location access, and SDK usage examples, which can cause an agent using this skill to violate the required gating behavior and proceed without the prerequisite key check. In this skill context, that mismatch is more dangerous because the metadata explicitly imposes a safety/usage constraint that the content fails to reinforce.

Vague Triggers

Medium
Confidence
72% confidence
Finding
The trigger terms are extremely broad and include many generic map-related words, increasing the chance that the skill loads in unrelated conversations. Because this skill also contains mandatory key-check behavior, overbroad activation can unnecessarily steer users into secret-handling or restrictive flows they did not ask for.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The example collects a user-entered street address and sends it to Tencent's external geocoding service, but the documentation does not warn developers that this may transmit sensitive personal or location-related data to a third party. In a mini-program context, addresses often correspond to homes, workplaces, or live user locations, so omission of privacy guidance can lead to deployments that violate consent, disclosure, or data-minimization requirements.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The documentation instructs users to pass a signing secret derived from the SK (`sig`) and even shows that the raw generated SK string is supplied directly, but it provides no warning that this value is sensitive and must not be exposed in client-side Mini Program code. In this skill's context, that omission is more dangerous because developers are likely to follow the guide literally and place signing material into frontend code, which can enable key abuse, request forgery, quota exhaustion, or unauthorized use of Tencent location APIs.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The example sends user-entered search terms and potentially location-biased query data to Tencent's remote suggestion API on every input event, but the sample does not mention any consent, disclosure, or throttling/privacy considerations. In a mini-program context, search terms can contain sensitive addresses, workplaces, or home locations, so silently transmitting them to a third party can create avoidable privacy risk and compliance issues.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation states that omitting `location` defaults to the current location, but it does not warn developers that this behavior implicates collection and transmission of precise geolocation data. In a mini-program context, developers may unknowingly build flows that access user location without clear disclosure, consent UX, or minimization, creating privacy, compliance, and user-trust risks.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation states that when `location` is omitted, the search defaults to the user's current location, but it does not warn developers to obtain informed user consent or present a privacy notice before using location data. In a mini-program context, this can lead to implementations that collect or transmit precise location to a third-party map service without adequate disclosure, increasing privacy and compliance risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This documentation describes an API that collects and returns precise geolocation data, including latitude, longitude, and address, but does not explicitly instruct developers to provide a clear user-facing privacy notice explaining what data is collected, why it is needed, and how it will be used or retained. In a location-focused mini-program skill, that omission can lead downstream developers to implement compliant permission prompts at the platform level while still failing to meet broader privacy transparency expectations, increasing privacy and regulatory risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This documentation describes an API that retrieves fuzzy geographic location but does not include any user-facing privacy warning, consent guidance, or minimization advice. Even though the location is 'fuzzy' rather than precise, it still constitutes sensitive location data and may lead developers to implement collection or use without adequately informing users.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation explains how to obtain precise user location and related accuracy data, but it does not clearly warn about privacy sensitivity, data-use limitations, retention, or the need to minimize collection. In a map/location skill, this omission can lead downstream agents or developers to implement location access without adequate user notice or safeguards, increasing the risk of privacy violations and regulatory noncompliance.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The document demonstrates continuous background location tracking and event logging, but it does not instruct developers to present a clear in-app notice explaining ongoing collection, retention, and purpose beyond the platform permission prompt. Relying only on the system authorization dialog can lead to privacy-harmful implementations and regulatory or policy violations, especially because background location is highly sensitive.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal