Scan Report
0/100
Auto Parts OE Inquiry
Look up parts brands, fuzzy-search OE numbers, applicable vehicle models, replacement parts, and more
This is a straightforward auto parts OE query skill that makes HTTP GET requests to a legitimate Chinese API service (jisuapi.com) with no suspicious behavior detected.
Safe to install
No action required. The skill is safe to use.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file read/write operations in parts.py |
| Network | READ | READ | ✓ Aligned | parts.py:45-48 makes HTTP GET to api.jisuapi.com |
| Shell | NONE | NONE | — | No subprocess, os.system, or shell execution |
| Environment | READ | READ | ✓ Aligned | parts.py:114 reads JISU_API_KEY (declared in SKILL.md metadata) |
| Skill Invoke | NONE | NONE | — | No nested skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No database operations |
4 findings (1 High)
| Severity | Type | Description | Evidence | Location |
|---|---|---|---|---|
| High | API Key | Suspected hard-coded credential | `API_KEY="your_appkey_here"` | SKILL.md:28 |
| Medium | External URL | External URL | https://www.jisuapi.com/ | SKILL.md:9 |
| Medium | External URL | External URL | https://www.jisuapi.com/api/parts/ | SKILL.md:21 |
| Medium | External URL | External URL | https://api.jisuapi.com/parts | parts.py:14 |
File Tree
2 files · 11.1 KB · 296 lines
Python 1f · 165L
Markdown 1f · 131L
├─ parts.py (Python)
└─ SKILL.md (Markdown)
Dependencies (1 item)
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| requests | * | pip | No | Standard HTTP library, no version constraint needed for this use case |
Security Positives
✓ No shell execution or subprocess usage
✓ No credential harvesting or exfiltration
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No base64, eval, or obfuscated code patterns
✓ No hidden functionality - code matches documentation
✓ External API endpoint is clearly declared (jisuapi.com)
✓ No remote script execution (curl|bash, wget|sh)
✓ Version pinning not required - standard API client library (requests)