Driver's License Exam - 驾考题库安全扫描报告 — 可信 | ClawSafe

0 /100

Driver's License Exam - 驾考题库

获取小车/客车/货车/摩托车科目一与科目四题库

Legitimate driver exam question bank skill that only makes documented API calls to jisuapi.com using environment-configured credentials.

技能名称Driver's License Exam - 驾考题库

分析耗时22.8s

引擎pi

✓

可以安装

No action needed. Skill is safe for use.

资源类型	声明权限	推断权限	状态	证据
网络访问	`READ`	`READ`	✓ 一致	driverexam.py:36 - requests.get to api.jisuapi.com
环境变量	`READ`	`READ`	✓ 一致	driverexam.py:75 - os.getenv('JISU_API_KEY')
文件系统	`NONE`	`NONE`	—	No file operations beyond script loading
命令执行	`NONE`	`NONE`	—	No subprocess or shell commands

1 高危 4 项发现

🔑

高危 API 密钥疑似硬编码凭证

API_KEY="your_appkey_here"

SKILL.md:27

🔗

中危外部 URL 外部 URL

https://www.jisuapi.com/

SKILL.md:9

🔗

中危外部 URL 外部 URL

https://www.jisuapi.com/api/driverexam/

SKILL.md:14

🔗

中危外部 URL 外部 URL

https://api.jisuapi.com/driverexam/query

driverexam.py:14

目录结构

2 文件 · 9.6 KB · 265 行

Markdown 1f · 160L Python 1f · 105L

├─ 🐍 driverexam.py Python 105L · 2.6 KB

└─ 📝 SKILL.md Markdown 160L · 7.0 KB

包名	版本	来源	已知漏洞	备注
`requests`	`*`	pip	否	Version not pinned (minor practice issue, not a security concern)

✓ Credentials stored in environment variable (JISU_API_KEY), not hardcoded

✓ No shell execution capabilities declared or implemented

✓ No sensitive path access (~/.ssh, ~/.aws, etc.)

✓ No credential exfiltration or data theft behavior

✓ API calls limited to documented jisuapi.com endpoint

✓ Input validation for required 'type' parameter

✓ Error handling for network requests and JSON parsing

✓ Timeout set on HTTP requests (10s)