Scan Report
0 /100
Weibo, Baidu, Douyin Hot Search List
获取微博、百度、抖音等平台热搜榜单与链接等
Legitimate hot search aggregation skill that makes outbound API calls to jisuapi.com for Weibo/Baidu/Douyin trending data.
Safe to install
No action needed. Consider pinning the requests library version in a requirements.txt for reproducibility.
Findings 2 items
| Severity | Finding | Location |
|---|---|---|
| Low | requests library not version-pinned | hotsearch.py:11 |
| Info | Placeholder API key in documentation | SKILL.md:28 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | hotsearch.py:36 - makes HTTPS GET to api.jisuapi.com |
| Environment | READ | READ | ✓ Aligned | hotsearch.py:81 - reads JISU_API_KEY |
| Filesystem | NONE | NONE | — | No file I/O operations |
| Shell | NONE | NONE | — | No subprocess or shell execution |
1 High 5 findings
High API Key 疑似硬编码凭证
API_KEY="your_appkey_here" SKILL.md:28 Medium External URL 外部 URL
https://www.jisuapi.com/ SKILL.md:9 Medium External URL 外部 URL
https://www.jisuapi.com/api/hotsearch/ SKILL.md:22 Medium External URL 外部 URL
https://s.weibo.com/weibo?q=... SKILL.md:67 Medium External URL 外部 URL
https://api.jisuapi.com/hotsearch hotsearch.py:14 File Tree
2 files · 7.0 KB · 213 lines Markdown 1f · 117L
Python 1f · 96L
├─
hotsearch.py
Python
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
requests | * | pip | No | Version not pinned |
Security Positives
✓ No sensitive path access (~/.ssh, ~/.aws, .env files)
✓ No shell command execution or subprocess usage
✓ No data exfiltration or credential harvesting
✓ API key only used locally to authenticate with jisuapi.com
✓ No base64, eval, or obfuscated code patterns
✓ Clear, documented purpose with declared API dependency
✓ Simple, readable code with proper error handling