Scan Report
5 /100
amap-location
AMap map service (route planning, POI search)
Legitimate AMap (高德地图) location service skill with clean code, standard HTTP requests to documented API endpoints, and no suspicious behavior detected.
Safe to install
No action needed. The skill performs documented map services using standard Python libraries.
Findings: 1 item
| Severity | Finding | Location |
|---|---|---|
| Low | Hardcoded configuration path in documentation (Sensitive Access) | SKILL.md:10 |

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | amap.py:21, static_map.py:29 - Only accesses restapi.amap.com |
| Environment | READ | READ | ✓ Aligned | amap.py:17, static_map.py:25 - Reads AMAP_API_KEY only |
| Filesystem | NONE | WRITE | ✓ Aligned | static_map.py:217 - Writes to configurable temp path (documented in SKILL.md) |

2 findings

| Severity | Type | URL | Location |
|---|---|---|---|
| Medium | External URL | https://restapi.amap.com/v3 | amap.py:21 |
| Medium | External URL | https://restapi.amap.com/v3/staticmap | static_map.py:29 |

File Tree
3 files · 21.7 KB · 733 lines
Python 2f · 583L
Markdown 1f · 150L
├─ amap.py (Python)
├─ SKILL.md (Markdown)
└─ static_map.py (Python)
Dependencies: 1 item
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| Pillow | * | pip | No | Standard image library for map generation |

Security Positives
✓ Clean, readable Python code without obfuscation
✓ No shell execution, subprocess, or eval() calls
✓ Only accesses documented AMap API endpoints (restapi.amap.com)
✓ API key usage matches documentation - reads from environment only
✓ No credential harvesting or data exfiltration
✓ Standard urllib library for HTTP requests - no suspicious client behavior
✓ Image processing uses standard PIL library with clear purpose
✓ File writes limited to configurable temp output path
✓ Proper error handling with try/except blocks
✓ No hidden functionality - code matches stated purpose