bmap-jsapi-three 安全扫描报告 — 可信 | ClawSafe

5 /100

bmap-jsapi-three

使用 MapV-Three 构建专业的 3D 地图和 GIS 应用

Pure documentation skill containing only markdown reference files; no executable code, scripts, or actual credentials. The pre-scan flagged placeholder API key examples in documentation as 'hardcoded credentials', but these are clearly example strings (your_cesium_access_token, your_mapbox_access_token) used in code examples, not real credentials.

技能名称bmap-jsapi-three

分析耗时29.8s

引擎pi

✓

可以安装

No action required. The skill is a documentation reference for MapV-Three 3D mapping library with no executable components.

安全发现 1 项

严重性	安全发现	位置
提示	Placeholder tokens in documentation examples Documentation contains example strings like 'your_cesium_access_token' and 'your_mapbox_access_token' in code snippets. These are placeholder examples, not real credentials. `accessToken: 'your_cesium_access_token'` → No action needed - these are clearly example placeholders for user replacement	`references/terrain-tile-provider.md:8`

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`NONE`	—	No file operations in markdown-only skill
网络访问	`NONE`	`NONE`	—	No network code in documentation files
命令执行	`NONE`	`NONE`	—	No scripts or shell commands in this skill
环境变量	`READ`	`NONE`	✓ 一致	SKILL.md declares BMAP_JSAPI_KEY requirement but no code accesses it

4 高危 17 项发现

🔑

高危 API 密钥疑似硬编码凭证

accessToken: 'your_cesium_access_token'

references/terrain-tile-provider.md:8

🔑

高危 API 密钥疑似硬编码凭证

accessToken = 'your_cesium_access_token'

references/terrain-tile-provider.md:29

🔑

高危 API 密钥疑似硬编码凭证

accessToken: 'your_access_token'

references/terrain-tile-provider.md:91

🔑

高危 API 密钥疑似硬编码凭证

accessToken: 'your_mapbox_access_token'

references/vector-tile-provider.md:62

🔗

中危外部 URL 外部 URL

https://your-api-host

references/3dtiles-loading.md:249

🔗

中危外部 URL 外部 URL

https://your-traffic-api

references/3dtiles-loading.md:296

🔗

中危外部 URL 外部 URL

https://api.example.com/points

references/datasource/json-datasource.md:129

🔗

中危外部 URL 外部 URL

https://api.example.com/locations

references/datasource/json-datasource.md:169

🔗

中危外部 URL 外部 URL

https://api.example.com/data

references/datasource/json-datasource.md:427

🔗

中危外部 URL 外部 URL

https://your-terrain-server/terrain-data

references/terrain-tile-provider.md:34

🔗

中危外部 URL 外部 URL

https://terrain-server.example.com/assets/123/v1.0

references/terrain-tile-provider.md:102

🔗

中危外部 URL 外部 URL

https://your-geoserver:8080/geoserver/wms

references/third-party-imagery.md:8

🔗

中危外部 URL 外部 URL

https://server/wmts/

references/third-party-imagery.md:102

🔗

中危外部 URL 外部 URL

https://tile-server.example.com/data/

references/third-party-imagery.md:120

🔗

中危外部 URL 外部 URL

https://server.arcgisonline.com/ArcGIS/rest/services/World_Imagery/MapServer/tile/

references/third-party-imagery.md:126

🔗

中危外部 URL 外部 URL

https://a.basemaps.cartocdn.com/light_all/

references/third-party-imagery.md:131

🔗

中危外部 URL 外部 URL

http://local-server:8080

references/vector-tile-provider.md:33

目录结构

47 文件 · 210.9 KB · 7982 行

Markdown 47f · 7982L

├─ ▾ 📁 references

│ ├─ ▾ 📁 common

│ │ ├─ 📝 best-practices.md Markdown 42L · 780 B

│ │ ├─ 📝 coordinate-system.md Markdown 43L · 1.1 KB

│ │ ├─ 📝 event-binding.md Markdown 57L · 1.4 KB

│ │ └─ 📝 faq.md Markdown 86L · 2.5 KB

│ ├─ ▾ 📁 datasource

│ │ ├─ 📝 csv-datasource.md Markdown 459L · 11.6 KB

│ │ ├─ 📝 dataitem.md Markdown 430L · 8.8 KB

│ │ ├─ 📝 geojson-datasource.md Markdown 431L · 10.8 KB

│ │ └─ 📝 json-datasource.md Markdown 433L · 10.2 KB

│ ├─ 📝 3dtiles-loading.md Markdown 378L · 13.3 KB

│ ├─ 📝 circle.md Markdown 94L · 2.8 KB

│ ├─ 📝 cluster.md Markdown 157L · 4.0 KB

│ ├─ 📝 datasource.md Markdown 161L · 3.8 KB

│ ├─ 📝 dom-overlay.md Markdown 116L · 2.7 KB

│ ├─ 📝 easing-function.md Markdown 66L · 1.6 KB

│ ├─ 📝 editor.md Markdown 176L · 4.5 KB

│ ├─ 📝 effect-point.md Markdown 106L · 2.9 KB

│ ├─ 📝 engine.md Markdown 263L · 5.7 KB

│ ├─ 📝 heatmap.md Markdown 106L · 2.6 KB

│ ├─ 📝 imagery-tile-provider.md Markdown 145L · 4.0 KB

│ ├─ 📝 initialization.md Markdown 231L · 5.8 KB

│ ├─ 📝 label.md Markdown 164L · 4.8 KB

│ ├─ 📝 marker-types.md Markdown 200L · 5.7 KB

│ ├─ 📝 marker.md Markdown 87L · 2.1 KB

│ ├─ 📝 materials.md Markdown 169L · 4.6 KB

│ ├─ 📝 measure.md Markdown 208L · 4.7 KB

│ ├─ 📝 mock-twin.md Markdown 186L · 5.6 KB

│ ├─ 📝 model.md Markdown 136L · 3.8 KB

│ ├─ 📝 object-tracker.md Markdown 107L · 2.6 KB

│ ├─ 📝 orbit-tracker.md Markdown 101L · 3.1 KB

│ ├─ 📝 path-tracker.md Markdown 140L · 4.0 KB

│ ├─ 📝 pillar.md Markdown 87L · 2.3 KB

│ ├─ 📝 polygon.md Markdown 160L · 4.1 KB

│ ├─ 📝 polyline.md Markdown 127L · 3.0 KB

│ ├─ 📝 popup.md Markdown 125L · 2.5 KB

│ ├─ 📝 services.md Markdown 217L · 5.3 KB

│ ├─ 📝 simple-line.md Markdown 47L · 1.3 KB

│ ├─ 📝 simple-point.md Markdown 85L · 2.3 KB

│ ├─ 📝 sky-weather.md Markdown 123L · 3.4 KB

│ ├─ 📝 terrain-tile-provider.md Markdown 105L · 2.8 KB

│ ├─ 📝 text.md Markdown 103L · 2.7 KB

│ ├─ 📝 third-party-imagery.md Markdown 152L · 4.5 KB

│ ├─ 📝 tile-mask.md Markdown 144L · 4.3 KB

│ ├─ 📝 tracker.md Markdown 256L · 6.5 KB

│ ├─ 📝 twin.md Markdown 370L · 11.9 KB

│ ├─ 📝 vector-tile-provider.md Markdown 178L · 5.0 KB

│ └─ 📝 wall.md Markdown 100L · 2.7 KB

└─ 📝 SKILL.md Markdown 125L · 4.7 KB

安全亮点

✓ No executable scripts or code files present

✓ No network requests or data exfiltration code

✓ No credential harvesting functionality

✓ No shell execution capabilities

✓ No sensitive path access

✓ Documentation-only delivery reduces attack surface to zero

✓ SKILL.md accurately declares environment variable requirement (BMAP_JSAPI_KEY)