Security audit

test-ai-map-api

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Baidu Maps API helper; its location sharing is expected for map features, but users should be aware that precise queries and coordinates go to Baidu.

Install only if you are comfortable sending map searches, addresses, route requests, and precise coordinates to Baidu Maps using your Baidu API token. Avoid submitting sensitive home, work, or travel details unless needed, and use a scoped or revocable token where possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (10)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly instructs sending full user requests, precise coordinates, addresses, and home-like aliases (for example, “我家” mappings) to Baidu APIs, but it does not require a user-facing notice or consent step before transmitting this personal data to a third party. In a maps skill, this context makes the transmission expected, but the combination of exact location, address, and free-form query content still creates meaningful privacy risk if users are not clearly warned.

External Transmission

Medium
Category
Data Exfiltration
Content
Example:

```bash
curl --get "https://api.map.baidu.com/agent_plan/v1/place" \
  -H "Authorization: Bearer $BAIDU_MAP_AUTH_TOKEN" \
  --data-urlencode "user_raw_request=帮我找北京可带宠物的咖啡馆" \
  --data-urlencode "region=北京市"
```
Confidence
91% confidence
Finding
https://api.map.baidu.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# 1) Find five-star hotels near the Badaling Great Wall
curl --get "https://api.map.baidu.com/agent_plan/v1/place" \
  -H "Authorization: Bearer $BAIDU_MAP_AUTH_TOKEN" \
  --data-urlencode "user_raw_request=帮我查一下八达岭长城附近的五星级酒店" \
  --data-urlencode "region=延庆区" \
```
Confidence
88% confidence
Finding
https://api.map.baidu.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
--data-urlencode "sort=relevance"

# 2) Hot pot restaurants nearest to me (sorted by distance)
curl --get "https://api.map.baidu.com/agent_plan/v1/place" \
  -H "Authorization: Bearer $BAIDU_MAP_AUTH_TOKEN" \
  --data-urlencode "user_raw_request=离我最近的火锅店" \
  --data-urlencode "region=北京市" \
```
Confidence
95% confidence
Finding
https://api.map.baidu.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# 1) Plan a driving route from the Forbidden City to the Summer Palace
curl -X POST "https://api.map.baidu.com/agent_plan/v1/direction" \
  -H "Authorization: Bearer $BAIDU_MAP_AUTH_TOKEN" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  --data-urlencode "user_raw_request=帮我规划从故宫到颐和园的驾车路线" \
```
Confidence
89% confidence
Finding
https://api.map.baidu.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
--data-urlencode "location=39.914590,116.403770"

# 2) "我家" ("my home") alias mapping
curl -X POST "https://api.map.baidu.com/agent_plan/v1/direction" \
  -H "Authorization: Bearer $BAIDU_MAP_AUTH_TOKEN" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  --data-urlencode "user_raw_request=步行去我家附近最近的中餐厅" \
```
Confidence
97% confidence
Finding
https://api.map.baidu.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
--data-urlencode "refer_pois=我家:fbc88a21464370106e3e1b52,40.092180,116.345310"

# 2) Transport-mode inference rewrite: how long does a taxi from Wangfujing to Sanlitun take
curl -X POST "https://api.map.baidu.com/agent_plan/v1/direction" \
  -H "Authorization: Bearer $BAIDU_MAP_AUTH_TOKEN" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  --data-urlencode "user_raw_request=从王府井驾车去三里屯要多久" \
```
Confidence
87% confidence
Finding
https://api.map.baidu.com/

External Transmission

Medium
Category
Data Exfiltration
Content
#### Example

```bash
curl --get "https://api.map.baidu.com/agent_plan/v1/geocoding" \
  -H "Authorization: Bearer $BAIDU_MAP_AUTH_TOKEN" \
  --data-urlencode "address=北京市海淀区上地十街10号百度大厦" \
  --data-urlencode "region=北京市"
```
Confidence
90% confidence
Finding
https://api.map.baidu.com/

External Transmission

Medium
Category
Data Exfiltration
Content
#### Example

```bash
curl --get "https://api.map.baidu.com/agent_plan/v1/reverse_geocoding" \
  -H "Authorization: Bearer $BAIDU_MAP_AUTH_TOKEN" \
  --data-urlencode "location=40.056800,116.308300"
```
Confidence
93% confidence
Finding
https://api.map.baidu.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# 1) Query weather by coordinates
curl --get "https://api.map.baidu.com/agent_plan/v1/weather" \
  -H "Authorization: Bearer $BAIDU_MAP_AUTH_TOKEN" \
  --data-urlencode "location=38.766230,116.432130"
```
Confidence
84% confidence
Finding
https://api.map.baidu.com/

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.