amap-location
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your AMap API key will be used for requests made by this skill, and usage may count against your AMap quota.
The skill requires and uses an AMap API key. This is expected for the stated map-service purpose, but it is account-level credential use that users should recognize.
API_KEY = os.getenv("AMAP_API_KEY") ... params['key'] = API_KEYUse a dedicated, least-privileged AMap API key if possible, and confirm the key is stored only where you intend.
Addresses, coordinates, and search terms you provide may be sent to AMap to perform the requested lookup.
The code sends geocoding, routing, and POI query parameters to AMap's external API. This is purpose-aligned, but those parameters can include precise locations and addresses.
BASE_URL = "https://restapi.amap.com/v3" ... urllib.request.urlopen(full_url, timeout=10)
Avoid sending sensitive locations unless you are comfortable sharing them with AMap under its service terms.
Some documented commands may not work as-is, or may depend on local wrapper scripts outside the reviewed artifacts.
The documentation references wrapper commands that are not included in the provided file manifest or install spec. This is not evidence of malicious behavior, but users should verify what local commands are actually installed.
amap-map-search "汉堡" "23.155254,113.346322" 3 1500 ... amap-search-food ... amap-drive
Before relying on wrapper commands, inspect the installed command paths and ensure they point to the reviewed scripts or trusted local code.