Skills
skills/tencentlbs/tencentmap_lbs_skills/tencentmap-lbs-skill/Gen Agent Trust Hub

tencentmap-lbs-skill

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads the @tencent-map/lbs-skills package from the NPM registry. This is the official package provided by the vendor (TencentLBS) and is necessary for the skill's functionality.
  • [COMMAND_EXECUTION]: Uses the tmap-lbs command-line interface to perform map-related tasks. The command usage is consistent with the skill's stated purpose of providing mapping services.
  • [CREDENTIALS_UNSAFE]: Effectively manages the TMAP_WEBSERVICE_KEY by checking environment variables or prompting the user for input. It explicitly warns against hardcoding keys in client-side code to prevent exposure.
  • [DATA_EXFILTRATION]: Network operations are directed to official subdomains of qq.com (e.g., apis.map.qq.com, h5gw.map.qq.com). These communications are part of the legitimate functionality of the Tencent Maps LBS service.
Audit Metadata
Risk Level
SAFE
Analyzed
May 7, 2026, 06:50 PM