Scan Report
5 /100
Bank Card Origin Query - 银行卡归属地查询
Bank card attribution lookup using JisuAPI
A straightforward bank card attribution query tool that makes legitimate API calls to JisuAPI. All behavior is documented and no malicious patterns detected.
Safe to install
No action needed. Skill is safe to use.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | bankcard.py:23 - requests.get to api.jisuapi.com |
| Environment | READ | READ | ✓ Aligned | bankcard.py:52 - os.getenv('JISU_API_KEY') |
| Shell | NONE | NONE | — | No subprocess or shell execution found |
1 High 6 findings
| Severity | Category | Description | Value | Location |
|---|---|---|---|---|
| High | API Key | Suspected hardcoded credential | API_KEY="your_appkey_here" | SKILL.md:21 |
| Medium | External URL | External URL | https://www.jisuapi.com/ | SKILL.md:9 |
| Medium | External URL | External URL | https://www.jisuapi.com/api/bankcard | SKILL.md:14 |
| Medium | External URL | External URL | http://www.jisuapi.com/api/bankcard/upload/80/2.png | SKILL.md:66 |
| Medium | External URL | External URL | http://www.icbc.com.cn | SKILL.md:68 |
| Medium | External URL | External URL | https://api.jisuapi.com/bankcard/query | bankcard.py:14 |
File Tree
2 files · 7.6 KB · 236 lines
Markdown 1f · 142L
Python 1f · 94L
├─ bankcard.py (Python)
└─ SKILL.md (Markdown)
Dependencies 1 item
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| requests | * | pip | No | Standard HTTP library, version not pinned but no security impact for this use case |
Security Positives
✓ Input validation for bankcard field present
✓ Timeout set on API request (10s)
✓ Proper error handling with JSON parsing
✓ Clear documentation of API endpoints and behavior
✓ No sensitive path access (no ~/.ssh, ~/.aws, .env reads)
✓ No exfiltration or data theft patterns
✓ No base64, eval, or obfuscation techniques
✓ No hidden HTML comments or steganography
✓ Third-party dependency (requests) is standard and documented