QR Code Generation And Recognition - 二维码生成识别 Security Report — Trusted | ClawSafe

5 /100

QR Code Generation And Recognition - 二维码生成识别

二维码生成与识别工具，基于极速数据API

Legitimate QR code generation/recognition skill using JisuAPI with no security issues found.

Skill NameQR Code Generation And Recognition - 二维码生成识别

Duration31.9s

Enginepi

✓

Safe to install

Skill is safe to use. No security concerns identified.

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`NONE`	—	No file system operations
Network	`READ`	`READ`	✓ Aligned	Only makes GET requests to api.jisuapi.com as declared in SKILL.md
Shell	`NONE`	`NONE`	—	No subprocess or shell execution found
Environment	`READ`	`READ`	✓ Aligned	Reads JISU_API_KEY from environment as declared

1 High 9 findings

🔑

High API Key 疑似硬编码凭证

API_KEY="your_appkey_here"

SKILL.md:25

🔗

Medium External URL 外部 URL

https://www.jisuapi.com/

SKILL.md:9

🔗

Medium External URL 外部 URL

https://www.jisuapi.com/api/qrcode/

SKILL.md:18

🔗

Medium External URL 外部 URL

https://www.jisuapi.com/api/sms

SKILL.md:47

🔗

Medium External URL 外部 URL

https://www.jisuapi.com/static/images/icon/qrcode.png

SKILL.md:54

🔗

Medium External URL 外部 URL

https://api.jisuapi.com/qrcode/static/images/sample/1.png

SKILL.md:81

🔗

Medium External URL 外部 URL

https://api.jisuapi.com/qrcode

qrcode.py:14

🔗

Medium External URL 外部 URL

https://www.jisuapi.com/api/sms\

qrcode.py:113

🔗

Medium External URL 外部 URL

https://api.jisuapi.com/qrcode/static/images/sample/1.png\

qrcode.py:114

File Tree

2 files · 10.4 KB · 307 lines

Python 1f · 155L Markdown 1f · 152L

├─ 🐍 qrcode.py Python 155L · 4.2 KB

└─ 📝 SKILL.md Markdown 152L · 6.2 KB

Dependencies 1 items

Package	Version	Source	Known Vulns	Notes
`requests`	`*`	pip	No	Standard requests library; consider pinning version

Security Positives

✓ No shell execution or subprocess calls

✓ No file system writes or sensitive path access

✓ No credential exfiltration - API key only used for service authentication

✓ All network requests go to declared jisuapi.com API endpoint

✓ No hidden functionality - all behavior documented in SKILL.md

✓ Clean code with proper error handling

✓ No base64 piped to bash or other suspicious patterns

✓ Input validation present for JSON parsing and required parameters

Scan Report

File Tree

Dependencies 1 items

Security Positives