中文 EN

Scan Report

Scan New Files

This report was generated in Chinese. Some content may be in Chinese.
Trusted — Risk Score 5/100
Last scan:3 hr ago Rescan
5 /100
amap-lbs-skill
高德地图综合服务,支持POI搜索、路径规划、旅游规划和热力图可视化
高德地图综合服务技能,代码实现与文档声明一致,仅进行正常的地图API调用,无恶意行为。
Skill Nameamap-lbs-skill
Duration25.6s
Enginepi
ClawHub oo v1.0.0 by zhangyanfe
📥 171
ClawHub Verdict Suspicious potential_exfiltration
Safe to install
无需特殊处理,可正常使用。

Findings 1 items

Severity Finding Location
Low
文档实现细节不一致 Doc Mismatch
SKILL.md中使用curl命令示例说明API调用,但实际代码使用axios实现。功能等价,属于实现方式差异。
curl -s "https://restapi.amap.com/v3/geocode/geo?address={位置}&output=JSON&key={用户的key}"
→ 建议更新文档说明实际使用axios库进行API调用,或统一使用curl示例
 SKILL.md:117
ResourceDeclaredInferredStatusEvidence
Filesystem WRITE WRITE ✓ Aligned index.js:34 读写config.json
Network READ READ ✓ Aligned index.js:68 axios调用restapi.amap.com
Shell NONE NONE 无shell执行代码
24 findings
🔗
Medium External URL 外部 URL
https://lbs.amap.com/api/webservice/summary
SKILL.md:13
🔗
Medium External URL 外部 URL
https://lbs.amap.com/api/webservice/create-project-and-key
SKILL.md:40
🔗
Medium External URL 外部 URL
https://www.amap.com/search?query=
SKILL.md:76
🔗
Medium External URL 外部 URL
https://www.amap.com/search?query=美食
SKILL.md:93
🔗
Medium External URL 外部 URL
https://www.amap.com/search?query=酒店
SKILL.md:94
🔗
Medium External URL 外部 URL
https://www.amap.com/search?query=天安门
SKILL.md:95
🔗
Medium External URL 外部 URL
https://www.amap.com/search?query=加油站
SKILL.md:96
🔗
Medium External URL 外部 URL
https://lbs.amap.com
SKILL.md:140
🔗
Medium External URL 外部 URL
https://restapi.amap.com/v3/geocode/geo?address=
SKILL.md:148
🔗
Medium External URL 外部 URL
https://ditu.amap.com/search?query=
SKILL.md:181
🔗
Medium External URL 外部 URL
https://restapi.amap.com/v3/geocode/geo?address=西直门&output=JSON&key=xxx
SKILL.md:200
🔗
Medium External URL 外部 URL
https://ditu.amap.com/search?query=美食&query_type=RQBXY&longitude=116.353138&latitude=39.939385&range=1000
SKILL.md:202
🔗
Medium External URL 外部 URL
http://a.amap.com/jsapi_demo_show/static/openclaw/heatmap.html?mapStyle=
SKILL.md:227
🔗
Medium External URL 外部 URL
https://a.amap.com/Loca/static/loca-v2/demos/mock_data/hz_house_order.json
SKILL.md:248
🔗
Medium External URL 外部 URL
http://a.amap.com/jsapi_demo_show/static/openclaw/heatmap.html?mapStyle=grey&dataUrl=https%3A%2F%2Fa.amap.com%2FLoca%2Fs...
SKILL.md:256
🔗
Medium External URL 外部 URL
https://lbs.amap.com/
SKILL.md:424
🔗
Medium External URL 外部 URL
https://lbs.amap.com/api/webservice/guide/api-advanced/newpoisearch
SKILL.md:426
🔗
Medium External URL 外部 URL
https://lbs.amap.com/api/webservice/create-project-and-key\n
index.js:69
🔗
Medium External URL 外部 URL
https://restapi.amap.com/v5/place/text
index.js:90
🔗
Medium External URL 外部 URL
https://restapi.amap.com/v3/direction/walking
index.js:126
🔗
Medium External URL 外部 URL
https://restapi.amap.com/v3/direction/driving
index.js:162
🔗
Medium External URL 外部 URL
https://restapi.amap.com/v4/direction/bicycling
index.js:202
🔗
Medium External URL 外部 URL
https://restapi.amap.com/v3/direction/transit/integrated
index.js:239
🔗
Medium External URL 外部 URL
https://a.amap.com/jsapi_demo_show/static/openclaw/travel_plan.html
index.js:273

File Tree

8 files · 37.4 KB · 1220 lines
JavaScript 4f · 766L Markdown 1f · 426L JSON 3f · 28L
├─ 📁 scripts
│ ├─ 📜 poi-search.js JavaScript 99L · 3.1 KB
│ ├─ 📜 route-planning.js JavaScript 179L · 6.4 KB
│ └─ 📜 travel-planner.js JavaScript 82L · 2.7 KB
├─ 📋 _meta.json JSON 5L · 133 B
├─ 📋 config.example.json JSON 3L · 55 B
├─ 📜 index.js JavaScript 406L · 11.0 KB
├─ 📋 package.json JSON 20L · 492 B
└─ 📝 SKILL.md Markdown 426L · 13.5 KB

Dependencies 1 items

PackageVersionSourceKnown VulnsNotes
axios ^1.13.6 npm No 可信HTTP客户端库,有版本锁定

Security Positives

✓ 代码结构清晰,模块化设计良好
✓ 仅依赖可信第三方库axios且有版本锁定
✓ 所有网络请求仅指向官方高德API域名
✓ 配置文件存储在本地config.json,不涉及敏感路径
✓ 无shell执行、无凭证外传、无代码混淆