amap-traffic
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEDATA_EXFILTRATION
Full Analysis
- [Data Exposure & Exfiltration] (MEDIUM): Accesses sensitive local file paths containing credentials.\n
- Evidence:
scripts/amap_traffic.pyreads the configuration file/home/admin/.openclaw/openclaw.jsonto extractAMAP_KEY.\n - Severity: Accessing files that store secrets is a high-risk pattern. It is assigned MEDIUM severity here because it is part of the skill's documented configuration mechanism.\n- [Indirect Prompt Injection] (LOW): The skill processes untrusted input that is eventually presented back to the AI agent.\n
- Ingestion points:
origin_addr,dest_addr, andcityparameters provided via command line arguments (sys.argv) inscripts/amap_traffic.py.\n - Boundary markers: Absent in script output.\n
- Capability inventory: Performs network GET requests to an external API (
restapi.amap.com).\n - Sanitization: Employs
urllib.parse.urlencodeto safely encode parameters for the API request, preventing URL-based injection.
Audit Metadata