Driver's License Exam - 驾考题库 Security Report — Trusted | ClawSafe

0 /100

Driver's License Exam - 驾考题库

获取小车/客车/货车/摩托车科目一与科目四题库

Legitimate driver exam question bank skill that only makes documented API calls to jisuapi.com using environment-configured credentials.

Skill NameDriver's License Exam - 驾考题库

Duration22.8s

Enginepi

✓

Safe to install

No action needed. Skill is safe for use.

Resource	Declared	Inferred	Status	Evidence
Network	`READ`	`READ`	✓ Aligned	driverexam.py:36 - requests.get to api.jisuapi.com
Environment	`READ`	`READ`	✓ Aligned	driverexam.py:75 - os.getenv('JISU_API_KEY')
Filesystem	`NONE`	`NONE`	—	No file operations beyond script loading
Shell	`NONE`	`NONE`	—	No subprocess or shell commands

1 High 4 findings

🔑

High API Key 疑似硬编码凭证

API_KEY="your_appkey_here"

SKILL.md:27

🔗

Medium External URL 外部 URL

https://www.jisuapi.com/

SKILL.md:9

🔗

Medium External URL 外部 URL

https://www.jisuapi.com/api/driverexam/

SKILL.md:14

🔗

Medium External URL 外部 URL

https://api.jisuapi.com/driverexam/query

driverexam.py:14

File Tree

2 files · 9.6 KB · 265 lines

Markdown 1f · 160L Python 1f · 105L

├─ 🐍 driverexam.py Python 105L · 2.6 KB

└─ 📝 SKILL.md Markdown 160L · 7.0 KB

Package	Version	Source	Known Vulns	Notes
`requests`	`*`	pip	No	Version not pinned (minor practice issue, not a security concern)

✓ Credentials stored in environment variable (JISU_API_KEY), not hardcoded

✓ No shell execution capabilities declared or implemented

✓ No sensitive path access (~/.ssh, ~/.aws, etc.)

✓ No credential exfiltration or data theft behavior

✓ API calls limited to documented jisuapi.com endpoint

✓ Input validation for required 'type' parameter

✓ Error handling for network requests and JSON parsing

✓ Timeout set on HTTP requests (10s)