Security audit

Tencent Map

Security checks across malware telemetry and agentic risk

Overview

This is a Tencent Maps reference skill that explains API usage and does not include executable code or hidden behavior.

Reasonable to install as a Tencent Maps development reference. Before using the examples in production, download SDK files only from official Tencent sources, restrict API keys and SK signing secrets, and review privacy/legal requirements before sending real user locations or IP addresses to Tencent Maps.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 85% confidence
Finding: The skill recommends an IP geolocation API but does not warn that users' IP addresses are personal data in many jurisdictions and will be transmitted to a third party. In a developer-facing skill, this omission can lead integrators to collect or forward IPs without consent, notice, minimization, or compliance checks, creating privacy and regulatory risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal