baidu map jsapi-ui-kit

Pass

Audited by ClawScan on May 1, 2026.

Overview

This appears to be a benign documentation skill for Baidu Maps UI components, with expected use of a Baidu API key and third-party map/package services.

This skill is instruction-only and appears coherent for Baidu Maps UI development. Before using its examples, verify and pin the npm/CDN package, configure a restricted Baidu Maps API key, and remember that place searches and route coordinates will be handled by Baidu Maps services.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If copied into a project, the app will rely on code fetched from npm or a CDN, and unpinned CDN/package references can change over time.

Why it was flagged

The documentation tells users to install or load a third-party package, including an unpinned CDN URL. This is expected for a UI library guide, but it is still a supply-chain consideration.

Skill content

npm install @baidumap/jsapi-ui-kit ... https://unpkg.com/@baidumap/jsapi-ui-kit/dist/jsapi-ui-kit.iife.js

Recommendation

Pin package and CDN versions, use a lockfile, verify the package source/maintainer, and consider SRI or self-hosting for production.

What this means

A Baidu Maps API key may consume quota or incur usage tied to the configured account if used in generated examples.

Why it was flagged

The skill declares a Baidu Maps API key as its primary credential. That is purpose-aligned for Baidu Maps integration, but it gives access to API quota and should be scoped.

Skill content

requires: bins: ["node"], env: BMAP_JSAPI_KEY; primaryEnv: BMAP_JSAPI_KEY

Recommendation

Use a dedicated Baidu Maps key, restrict it by domain/application where possible, set quotas, and avoid exposing any non-client secrets.

What this means

Searches, POI details, and route coordinates may be sent to Baidu Maps as part of normal map functionality.

Why it was flagged

The route planning component is documented as using Baidu Maps route-planning services with start/end coordinates. This external provider flow is expected for map routing, but location data can be sensitive.

Skill content

Route planning UI component, wrapping the Baidu Maps route-planning service ... start: start coordinates ... end: end coordinates

Recommendation

Only send location or route data when the user intends it, disclose Baidu Maps provider use in the application, and avoid unnecessary logging or retention of sensitive locations.