ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

amap-location

高德地图服务(路径规划、POI 搜索)

MIT-0 · Free to use, modify, and redistribute. No attribution required.
1 · 58 · 0 current installs · 0 all-time installs
by@ttguy0707
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The Python code implements geocoding, routing, POI search and static map generation — which matches the skill name/description. However the package metadata claims no required env vars while both code files require AMAP_API_KEY. SKILL.md also references wrapper scripts (e.g., amap-map-search, amap-search-food, amap-drive) that are not present in the bundle. These inconsistencies mean the declared metadata does not fully reflect the skill's real needs.
!
Instruction Scope
SKILL.md instructs the agent/user to source a specific file path (/home/thor/.openclaw/settings/amap.env) for the API key and claims features like "自动发送并清理临时文件" that the included scripts do not perform. It gives CLI examples that do not correspond exactly to the provided Python entrypoints. The instructions therefore assume specific filesystem layout and extra helper scripts that are not included — scope creep and mismatched guidance.
Install Mechanism
There is no install spec (instruction-only), and the bundle contains only two Python files plus SKILL.md. No external downloads or package installs are performed by the skill itself. This is low-risk from an install-download perspective.
!
Credentials
Although the functionality legitimately requires an AMap API key, the skill metadata lists no required environment variables or primary credential while both amap.py and static_map.py exit if AMAP_API_KEY is not set. SKILL.md suggests storing the key in a hard-coded user path (/home/thor/.openclaw/settings/amap.env). Asking users to place secrets in a specific home path and failing to declare the required env var in metadata is disproportionate and brittle.
Persistence & Privilege
The skill does not request persistent/always-on privileges, does not modify other skills or system-wide configs, and does not require elevated privileges. It reads an environment variable and writes a temporary PNG (defaults to /tmp/static_map.png).
What to consider before installing
This skill appears to implement legitimate AMap API usage but contains several mismatches you should address before installing: - The Python files require AMAP_API_KEY, but the skill metadata declares no required env vars. Do not provide other secrets; only supply an AMap API key with minimal permissions/quota. - SKILL.md tells you to source a hard-coded path (/home/thor/.openclaw/settings/amap.env). That path is user-specific and may not exist — prefer placing your key in a controlled location and set AMAP_API_KEY in the environment explicitly. - SKILL.md references wrapper commands (amap-map-search, amap-search-food, amap-drive, etc.) and claims auto-send/cleanup behavior that are not present in the included scripts. Expect to run the provided Python commands (amap.py static map via static_map.py) instead. Verify any wrappers or automation before trusting them. - The static map generator writes to /tmp by default and prints the file path; it does not appear to exfiltrate data. Still, run the skill in an isolated environment (or container) if you are concerned about network access or accidental exposure of your API key. If you want to proceed: set AMAP_API_KEY in your environment (or use a dedicated key with restricted quota), inspect and test the included Python scripts locally, and consider requesting the maintainer update the skill metadata and SKILL.md to accurately declare the required env var and correct CLI examples. If you cannot verify the source/maintainer, avoid deploying the skill in sensitive environments.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk975prx1d4na700vt1076bqkfh833ebq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🗺️ Clawdis

SKILL.md

AMap Location - 高德地图服务

提供路径规划、POI 搜索、地理编码等高德地图服务。

配置

API Key

已存储在 /home/thor/.openclaw/settings/amap.env

export AMAP_API_KEY="your_api_key"

加载环境变量

source /home/thor/.openclaw/settings/amap.env

功能

🗺️ 静态地图(推荐)

搜索并生成带标记的地图

amap-map-search "汉堡" "23.155254,113.346322" 3 1500
  • 自动生成高清地图(1024x1024)
  • 红点 A 标记您的位置
  • 蓝点 B/C/D 标记搜索结果
  • 自动发送并清理临时文件

📍 地理编码

地址 → 坐标

amap geocode --address="广州市天河区体育西路 100 号"

🏠 逆地理编码

坐标 → 地址

amap regeocode --location="113.346322,23.155254"

🚗 驾车路径规划

amap driving --origin="113.346322,23.155254" --destination="113.264434,23.129018"

🚶 步行路径规划

amap walking --origin="113.346322,23.155254" --destination="113.350000,23.160000"

🚌 公交路径规划

amap transit --origin="113.346322,23.155254" --destination="113.264434,23.129018"

🔍 POI 搜索

搜索美食

amap search --keywords="美食" --location="113.346322,23.155254" --radius=1000

搜索酒店

amap search --keywords="酒店" --location="113.346322,23.155254" --radius=2000

搜索加油站

amap search --keywords="加油站" --location="113.346322,23.155254" --types="加油站" --radius=3000

使用方式

方式 1:命令行

# 加载环境变量
source /home/thor/.openclaw/settings/amap.env

# 使用命令
amap driving --origin="起点坐标" --destination="终点坐标"

方式 2:直接跟我说

发送位置信息后,我会询问您想要:

  • 🚗 路径规划(驾车/步行/公交)
  • 🍽️ 搜索美食
  • 🏨 搜索酒店
  • ⛽ 搜索加油站
  • 🏥 搜索医院
  • 其他 POI 搜索

方式 3:包装脚本

# 搜索附近美食
amap-search-food "113.346322,23.155254"

# 规划驾车路线
amap-drive "起点坐标" "终点坐标"

POI 类型参考

类型关键词types 代码
美食美食、餐厅餐饮服务
酒店酒店、宾馆住宿服务
加油站加油站加油站
医院医院医疗保健服务
银行银行金融服务
购物购物、商场购物服务
景点景点、公园风景名胜

示例

# 查询地址坐标
amap geocode --address="广州塔"

# 规划从当前位置到广州塔的驾车路线
amap driving --origin="113.346322,23.155254" --destination="113.325610,23.106500"

# 搜索附近 1 公里内的美食
amap search --keywords="美食" --location="113.346322,23.155254" --radius=1000

API 限制

  • 每日配额:根据 API Key 等级
  • 并发限制:避免高频请求
  • 超时设置:10 秒

Files

3 total
Select a file
Select a file to preview.

Comments

Loading comments…