baidu-map-jsapi-three

Pass. Audited by ClawScan on May 1, 2026.

Overview

This looks like a documentation-only MapV-Three/Baidu Maps helper, with expected API-key and map-provider considerations but no artifact-backed malicious behavior.

This skill appears safe to install as a documentation/reference aid. Before using it, make sure any Baidu Maps API key is restricted, do not expose it in public repositories or logs, and be mindful that geocoding, routing, and map-provider calls can reveal location data.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone using the skill may need to provide a Baidu Maps API key, which could be abused if exposed or left unrestricted.

Why it was flagged

The skill requires a Baidu Maps API key. That credential is expected for a Baidu map/GIS integration, and the artifacts do not show hardcoding, logging, or unrelated use.

Skill content
requires:
  bins: ["node"]
  env: BMAP_JSAPI_KEY
primaryEnv: BMAP_JSAPI_KEY
Recommendation

Use a restricted Baidu Maps key, limit it to the needed domains/APIs where possible, and avoid placing it in public code or logs.

What this means

Map searches, routes, and coordinates may reveal sensitive location information to external providers if used with private data.

Why it was flagged

The skill documents location services such as geocoding, search, and route planning, which normally send queries or coordinates to external map providers. This is purpose-aligned for GIS development.

Skill content
`reference/services.md` - Basic location services (geocoding, search, route planning, administrative divisions, etc.)
Recommendation

Review which provider receives location queries, avoid submitting sensitive coordinates unless necessary, and follow the provider’s privacy and key-management guidance.

What this means

Users have less external provenance information for verifying the documentation’s origin or maintenance status.

Why it was flagged

The registry metadata does not identify an upstream source or homepage. Because the package is instruction-only with no install spec or executable code, this is a provenance note rather than a material security concern.

Skill content
Source: unknown; Homepage: none
Recommendation

Review the included references before relying on them and cross-check important API guidance against official MapV-Three/Baidu Maps documentation.