Skills
skills/tangqihy/openclaw-map-skills/amap/Gen Agent Trust Hub

amap

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEDATA_EXFILTRATION
Full Analysis
  • [DATA_EXFILTRATION] (LOW): The skill performs network requests to 'restapi.amap.com'. While this is the legitimate endpoint for the Amap API, it is not on the trusted domain whitelist. No sensitive local data is transmitted.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests untrusted user input (origin/destination names) and reflects them in the agent's context without boundary markers.
  • Ingestion points: origin, destination, and waypoints arguments in amap_route.py and amap_planning.py.
  • Boundary markers: Absent in the formatted output returned to the agent.
  • Capability inventory: Performs network requests via urllib.request and outputs formatted text to stdout.
  • Sanitization: Input is URL-encoded for API requests but not sanitized for the subsequent prompt context.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:07 PM