ID Card Number Origin Query - 身份证号码归属地查询 Security Report — Low Risk | ClawSafe

15 /100

ID Card Number Origin Query - 身份证号码归属地查询

身份证号码归属地查询，基于极速数据 API

Simple ID card query wrapper that legitimately calls an external API with an API key from environment variables. No malicious patterns detected.

Skill NameID Card Number Origin Query - 身份证号码归属地查询

Duration22.7s

Enginepi

✓

Safe to install

Skill is safe to use. No action required.

Findings 1 items

Severity	Finding	Location
Info	API key placeholder in documentation SKILL.md shows 'your_appkey_here' as the API key placeholder. This is standard documentation practice and not a security risk. `export JISU_API_KEY="your_appkey_here"` → No action needed. Consider adding a note clarifying this is a placeholder value.	`SKILL.md:28`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`READ`	✓ Aligned	No filesystem access in code
Network	`READ`	`READ`	✓ Aligned	HTTP GET to jisuapi.com APIs
Shell	`NONE`	`NONE`	—	No subprocess or shell execution
Environment	`READ`	`READ`	✓ Aligned	Reads JISU_API_KEY from os.getenv()

1 High 6 findings

🔑

High API Key 疑似硬编码凭证

API_KEY="your_appkey_here"

SKILL.md:28

🔗

Medium External URL 外部 URL

https://www.jisuapi.com/

SKILL.md:9

🔗

Medium External URL 外部 URL

https://www.jisuapi.com/api/idcard/

SKILL.md:21

🔗

Medium External URL 外部 URL

https://www.jisuapi.com/api/idcard

idcard.py:5

🔗

Medium External URL 外部 URL

https://api.jisuapi.com/idcard/query

idcard.py:14

🔗

Medium External URL 外部 URL

https://api.jisuapi.com/idcard/city2code

idcard.py:15

File Tree

2 files · 9.6 KB · 305 lines

Markdown 1f · 155L Python 1f · 150L

├─ 🐍 idcard.py Python 150L · 3.6 KB

└─ 📝 SKILL.md Markdown 155L · 6.0 KB

Dependencies 1 items

Package	Version	Source	Known Vulns	Notes
`requests`	`*`	pip	No	Version not pinned; no vulnerabilities detected

Security Positives

✓ No subprocess or shell execution

✓ No file system writes

✓ No credential exfiltration

✓ No base64/encoded payloads

✓ No hidden functionality

✓ API key read only from environment (legitimate use)

✓ Timeout set on HTTP requests (10s)

✓ Clean, straightforward code with no obfuscation

Scan Report

Findings 1 items

File Tree

Dependencies 1 items

Security Positives