Security audit

腾讯地图WebserviceAPI开发技能

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Tencent Maps WebService skill with expected location/API-key handling, but users should avoid pasting keys or unnecessary personal location data into chat.

Install only if you intend to work with Tencent Maps WebService APIs. Use an environment variable or secret manager for the API key instead of pasting it into chat, and avoid sending third-party IP addresses, phone numbers, names, or precise addresses unless you have authorization and a real need.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (5)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger section includes very broad generic keywords such as “搜索”, “路线”, “天气”, “定位”, and “坐标”, which can cause the skill to activate in unrelated contexts. Over-broad activation is a security and safety issue because it can route user requests to a capability that may prompt for keys, process location data, or initiate external API workflows without strong intent matching.

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill explicitly supports IP geolocation and smart address parsing from unstructured text that may contain contact and address information, but it does not present a clear privacy warning, consent requirement, or data-handling guidance. This creates a real privacy risk because users may be led to submit personal or third-party location/contact data without understanding the sensitivity or appropriate limitations.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The smart address parsing section explicitly instructs developers to send non-structured text that may contain names, phone numbers, and precise addresses to a third-party API, but it does not include any privacy, consent, minimization, retention, or compliance warning. This can lead downstream integrators to transmit sensitive personal data by default without informing users or applying safeguards, increasing the risk of privacy violations, regulatory non-compliance, and unnecessary exposure of PII.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The documentation describes IP-based geolocation and explicitly notes that if the `ip` parameter is omitted, the service will use the request source IP, but it does not warn that this involves processing potentially sensitive location-related personal data. In a location-service skill, this omission can lead developers to collect or transmit end-user IP data without appropriate notice, consent, retention controls, or privacy review, increasing compliance and privacy risk.

Ssd 3

Medium

Confidence: 96% confidence
Finding: The skill instructs users that they may provide their API key directly in chat, which is an unsafe credential-handling pattern. Chat transcripts are commonly logged, retained, or exposed to other tools and operators, so encouraging direct secret disclosure materially increases the risk of credential leakage and subsequent unauthorized API use.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal