Calendar - 万年历查询 Security Report — Trusted | ClawSafe

5 /100

Calendar - 万年历查询

查询指定日期的公历、农历、星座、生肖、黄历要点与节假日

A straightforward calendar API wrapper that queries jisuapi.com for lunar/Gregorian calendar data. No malicious behavior detected.

Skill NameCalendar - 万年历查询

Duration24.7s

Enginepi

✓

Safe to install

Skill is safe to use. No security concerns identified.

Resource	Declared	Inferred	Status	Evidence
Network	`READ`	`READ`	✓ Aligned	calendar.py:52 - requests.get to jisuapi.com
Environment	`READ`	`READ`	✓ Aligned	calendar.py:137 - os.getenv('JISU_API_KEY')
Filesystem	`NONE`	`NONE`	—	No file operations in code
Shell	`NONE`	`NONE`	—	No subprocess or shell execution

1 High 5 findings

🔑

High API Key 疑似硬编码凭证

API_KEY="your_appkey_here"

SKILL.md:26

🔗

Medium External URL 外部 URL

https://www.jisuapi.com/

SKILL.md:9

🔗

Medium External URL 外部 URL

https://www.jisuapi.com/api/calendar/

SKILL.md:14

🔗

Medium External URL 外部 URL

https://api.jisuapi.com/calendar/query

calendar.py:14

🔗

Medium External URL 外部 URL

https://api.jisuapi.com/calendar/holiday

calendar.py:15

File Tree

2 files · 10.9 KB · 332 lines

Markdown 1f · 187L Python 1f · 145L

├─ 🐍 calendar.py Python 145L · 3.7 KB

└─ 📝 SKILL.md Markdown 187L · 7.2 KB

Dependencies 1 items

Package	Version	Source	Known Vulns	Notes
`requests`	`*`	pip	No	Version not pinned; standard library requests with no known critical vulnerabilities for this use case

Security Positives

✓ Clean, simple code with no obfuscation or suspicious patterns

✓ API key only sent to documented jisuapi.com endpoint

✓ No credential exfiltration or data leakage

✓ Proper timeout (10s) on HTTP requests

✓ No filesystem writes or shell execution

✓ No access to sensitive paths (~/.ssh, ~/.aws, .env files)

✓ No base64, eval, or dynamic code execution

Scan Report

File Tree

Dependencies 1 items

Security Positives