Tencent Map

Pass. Audited by ClawScan on May 1, 2026.

Overview

This is a benign Tencent Maps development reference, but users should protect API keys and location data, and download the SDK only from an official source.

This skill appears safe to install as an instruction-only Tencent Maps helper. Before using its examples in a real project, obtain the SDK from Tencent's official source, restrict and protect your API keys, and be mindful that geocoding, routing, and IP-location calls can send location data to Tencent Maps.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If users copy the examples into real applications, their Tencent Maps key or signing secret must be protected to avoid quota abuse or unauthorized API use.

Why it was flagged

The skill discusses Tencent Maps API keys and signing secrets. This is expected for Tencent Maps integration, and the artifact also warns not to expose keys.

Skill content

Authentication: `key` parameter (apply for it in the Tencent Location Service console)... `sk=SECRET_KEY` ... do not expose the key in the frontend

Recommendation

Use restricted Tencent Maps keys, enable domain allowlists or SK signing for production, and avoid placing secrets directly in frontend code.

What this means

Downloading the SDK from an unofficial or tampered source could introduce unsafe code into the user's app project.

Why it was flagged

The skill tells users to download a Tencent Maps mini-program SDK file into their project. This is purpose-aligned, but the artifact does not specify an official URL or integrity check.

Skill content

// 1. Download qqmap-wx-jssdk.min.js and place it in the project
const QQMapWX = require('../../libs/qqmap-wx-jssdk.min.js')

Recommendation

Download the SDK only from Tencent's official documentation or package source, and verify the source before committing it to a project.

What this means

Real addresses, coordinates, or IP addresses used with these examples may be transmitted to Tencent Maps services.

Why it was flagged

The examples send addresses, coordinates, or IPs to Tencent Maps APIs. This is expected for a map API assistant, but it involves potentially sensitive location data.

Skill content

Base URL: `https://apis.map.qq.com` ... `GET /ws/geocoder/v1/?address=...&key={key}` ... `GET /ws/location/v1/ip?ip=61.135.17.68&key={key}`

Recommendation

Avoid sending unnecessary personal location data, follow Tencent's privacy terms, and use test or minimized data when possible.