tencentmap-jsapi-gl-skill
Audited by Snyk on Jun 16, 2026
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill requires detecting and "silently recording" a formal Key supplied by the user or an experience Key extracted from a web page, and then using or filling in that Key in example code (such as the key parameter of a script src) or in subsequent requests, forcing the model to handle and potentially output the secret value.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). The content contains an explicit instruction to "silently record" users' formal API keys (TMAP_JSAPI_KEY) and to check environment or user-provided keys without prompting, which indicates intentional credential collection/privacy-invasive behavior (possible credential theft / exfiltration), while the rest of the docs are normal API documentation and JSONP examples.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly requires fetching and loading remote JavaScript at runtime (e.g. the Tencent Maps SDK script URL "https://map.qq.com/api/gljs?v=3&key={TMAP_JSAPI_KEY}" and it instructs a WebFetch to "https://lbs.qq.com/webApi/uriV1/uriGuide/uriMobileMarker" to obtain an experience Key), which will execute remote code and is treated as a required runtime dependency.
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I scanned the document for literal high-entropy credentials and ignored placeholders (e.g., {TMAP_JSAPI_KEY}) and obvious simple example passwords. I found a literal API key-like string used in script src attributes:
- OB4BZ-D4W3U-B7VVO-4PJWW-6TKDJ-WPB77
This is not a placeholder (it is a concrete key value appearing multiple times in example script URLs) and matches the format of a real Tencent Maps API key (structured, non-trivial entropy). No PEM/RSA blocks, JWTs, or other high-entropy secrets were found beyond this API key. Other references to keys are placeholders or parameter names (e.g., servicesk, key={TMAP_JSAPI_KEY}) which I ignored per the rules.
MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).
- Hidden Unicode characters detected (1 type(s) found)