shoucangjia1qu

Map Search

by 收藏夹1区 · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
Downloads: 850
Stars: 1
Active Installs: 8
Versions: 1
Install in OpenClaw
/install map-search
Description
A map search tool better suited to users in China, supporting aggregated search across Amap, Baidu Maps, and Tencent Maps.
Usage Guidance
This skill's code matches its description: it queries official Amap/Baidu/Tencent APIs and falls back to env vars or ~/.config/openclaw/map_config.json for API keys. Before installing:
  - Confirm the author/source (owner is unknown). Unknown-source skills carry higher risk.
  - Note that the registry metadata omitted required API keys and the config path; you should treat the config file (~/.config/openclaw/map_config.json) as sensitive because it will contain your provider API keys.
  - If you don't want a system-wide CLI, avoid creating the /usr/local/bin symlink (that requires root). Run the script from a user-controlled path instead.
  - The script uses Amap IP geolocation when coords are not supplied — this will send your IP to Amap if you rely on that feature.
  - Install 'requests' in a virtualenv or container first and review the map_search.py file yourself if you can. If you decide not to trust the unknown owner, run in an isolated environment or do not provide real API keys.
Capability Analysis
Type: OpenClaw Skill
Name: map-search
Version: 1.0.0
The skill's core functionality is benign, providing a multi-map search tool. However, the `map_search.py` script contains a URL injection vulnerability. User-supplied inputs such as `keyword`, `region`, `lat`, `lng`, and `radius` are directly interpolated into API request URLs using f-strings without proper URL encoding. This allows an attacker to inject arbitrary URL parameters into the map API calls if they can control the input arguments passed to the script, potentially manipulating the API request or causing unexpected behavior. This is a vulnerability, not intentional malice.
Capability Assessment
Purpose & Capability
The code and SKILL.md implement map search across Amap, Baidu, and Tencent and require Python and the requests library — that fits the stated purpose. However, the registry metadata at the top of the submission claims no required environment variables and no config paths, while both SKILL.md and map_search.py clearly require API keys (AMAP_API_KEY, BAIDU_MAP_API_KEY, TENCENT_MAP_API_KEY) and read a configuration file at ~/.config/openclaw/map_config.json. That mismatch is an incoherence worth flagging.
Instruction Scope
Runtime instructions are focused on keyword and nearby searches and only reference map APIs. The code reads ~/.config/openclaw/map_config.json (and falls back to env vars) and will call the official map provider endpoints. The nearby-location feature uses Amap's IP geolocation when no coordinates are provided, which sends your IP to Amap. Instructions suggest creating a system symlink (/usr/local/bin) and show examples using /root/.openclaw paths — these are normal for a CLI but require appropriate privileges and care.
Install Mechanism
There is no install spec and no remote downloads; this is an instruction-only skill with a locally included Python script. The only extra dependency is the 'requests' Python package (SKILL.md notes to pip install requests). No archive downloads or third-party installers were observed.
Credentials
Requesting API keys for Amap, Baidu, and Tencent is proportionate to an aggregator map tool. However, the submission's top-level metadata did not list these required environment variables while SKILL.md and the code do — this discrepancy could lead to silent failures or misconfiguration and should be clarified. The skill also reads a config file in the user's home directory (~/.config/openclaw/map_config.json) which was not declared in registry metadata.
Persistence & Privilege
The skill does not request elevated platform privileges (always is false) and does not modify other skills. The only persistence suggestion is an optional symlink into /usr/local/bin (requires admin privileges to create) to expose the script as a system CLI. No evidence of self-enabling, system-wide config modifications, or hidden background services was found.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install map-search
  3. After installation, invoke the skill by name or use /map-search
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
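  - Initial release: aggregates Amap, Baidu, and Tencent Maps, with keyword and nearby search.
  - Supports setting each platform's API key and the search priority via a config file or environment variables.
  - Provides a command-line interface and parameters, supporting flexible search by latitude/longitude, radius, custom keywords, and more.
  - Adds a nearby search mode that finds surrounding places based on the current location or specified coordinates.
  - Clear output format, suitable for reading directly in the terminal.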
Metadata
Slug map-search
Version 1.0.0
License
All-time Installs 8
Active Installs 8
Total Versions 1
Frequently Asked Questions

What is Map Search?

A map search tool better suited to users in China, supporting aggregated search across Amap, Baidu Maps, and Tencent Maps. It is an AI Agent Skill for Claude Code / OpenClaw, with 850 downloads so far.

How do I install Map Search?

Run "/install map-search" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Map Search free?

Yes, Map Search is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Map Search support?

Map Search is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Map Search?

It is built and maintained by 收藏夹1区 (@shoucangjia1qu); the current version is v1.0.0.
