ISBN Book Number Query - ISBN图书书号查询 Security Report — Trusted | ClawSafe

0 /100

ISBN Book Number Query - ISBN图书书号查询

用 ISBN 查图书详情，或按书名关键字搜书

Legitimate ISBN book query skill using the JisuAPI service with no security concerns.

Skill NameISBN Book Number Query - ISBN图书书号查询

Duration19.6s

Enginepi

✓

Safe to install

No action needed. The skill is a straightforward, well-documented ISBN lookup tool.

Resource	Declared	Inferred	Status	Evidence
Network	`READ`	`READ`	✓ Aligned	SKILL.md:21 — API calls to jisuapi.com explicitly declared
Environment	`READ`	`READ`	✓ Aligned	SKILL.md:21 — JISU_API_KEY required and declared
Shell	`NONE`	`NONE`	—	No subprocess or shell invocation in isbn.py
Filesystem	`NONE`	`NONE`	—	No file read/write in isbn.py

1 High 9 findings

🔑

High API Key 疑似硬编码凭证

API_KEY="your_appkey_here"

SKILL.md:24

🔗

Medium External URL 外部 URL

https://www.jisuapi.com/

SKILL.md:9

🔗

Medium External URL 外部 URL

https://www.jisuapi.com/api/isbn/

SKILL.md:17

🔗

Medium External URL 外部 URL

https://api.jisuapi.com/api/isbn/

SKILL.md:86

🔗

Medium External URL 外部 URL

http://api.jisuapi.com/isbn/upload/96/033c435b3f0f30.jpg

SKILL.md:92

🔗

Medium External URL 外部 URL

http://product.dangdang.com/22921241.html

SKILL.md:114

🔗

Medium External URL 外部 URL

https://api.jisuapi.com/isbn//upload/99/780099.jpg

SKILL.md:132

🔗

Medium External URL 外部 URL

https://api.jisuapi.com/isbn/query

isbn.py:14

🔗

Medium External URL 外部 URL

https://api.jisuapi.com/isbn/search

isbn.py:15

File Tree

2 files · 10.6 KB · 368 lines

Markdown 1f · 191L Python 1f · 177L

├─ 🐍 isbn.py Python 177L · 4.3 KB

└─ 📝 SKILL.md Markdown 191L · 6.2 KB

Dependencies 1 items

Package	Version	Source	Known Vulns	Notes
`requests`	`*`	pip	No	Version not pinned; minor risk for a read-only API client

Security Positives

✓ No shell execution or subprocess usage

✓ No filesystem access beyond script invocation

✓ No credential exfiltration — JISU_API_KEY is used only to authenticate with the declared API endpoint

✓ Network calls are limited to the documented jisuapi.com domain only

✓ All behavior fully declared in SKILL.md with clear parameter tables

✓ No base64, eval, or dynamic code execution

✓ No access to sensitive paths (~/.ssh, ~/.aws, .env files)

✓ No hidden HTML comments or steganographic payloads

✓ requests library used with a 10-second timeout for safety

Scan Report

File Tree

Dependencies 1 items

Security Positives