baidu map jsapi-ui-kit

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Baidu Maps UI integration skill with expected API-key and location-service use, and no evidence of hidden execution or harmful behavior.

Before installing, treat this as a guide for integrating Baidu Maps services. Use a restricted Baidu Maps API key, avoid exposing server-side secrets in client code, pin npm/CDN versions where possible, and disclose to your own users that search terms, POI identifiers, and route coordinates may be handled by Baidu Maps.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The documentation describes sending route-planning inputs, POI identifiers, and navigation-related data to Baidu services without any privacy or data-transmission notice. In practice, start/end coordinates, waypoint data, names, and UIDs may reveal sensitive location information, so omission of disclosure can lead developers to integrate the component without appropriate consent, minimization, or compliance controls.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal