扫描报告
0 /100
Auto Parts OE Inquiry
查配件品牌、OE号模糊搜、适用车型与替换件等
This is a straightforward auto parts OE query skill that makes HTTP GET requests to a legitimate Chinese API service (jisuapi.com) with no suspicious behavior detected.
可以安装
No action required. The skill is safe to use.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | No file read/write operations in parts.py |
| 网络访问 | READ | READ | ✓ 一致 | parts.py:45-48 makes HTTP GET to api.jisuapi.com |
| 命令执行 | NONE | NONE | — | No subprocess, os.system, or shell execution |
| 环境变量 | READ | READ | ✓ 一致 | parts.py:114 reads JISU_API_KEY (declared in SKILL.md metadata) |
| 技能调用 | NONE | NONE | — | No nested skill invocation |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | No browser automation |
| 数据库 | NONE | NONE | — | No database operations |
1 高危 4 项发现
高危 API 密钥 疑似硬编码凭证
API_KEY="your_appkey_here" SKILL.md:28 中危 外部 URL 外部 URL
https://www.jisuapi.com/ SKILL.md:9 中危 外部 URL 外部 URL
https://www.jisuapi.com/api/parts/ SKILL.md:21 中危 外部 URL 外部 URL
https://api.jisuapi.com/parts parts.py:14 目录结构
2 文件 · 11.1 KB · 296 行 Python 1f · 165L
Markdown 1f · 131L
├─
parts.py
Python
└─
SKILL.md
Markdown
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
requests | * | pip | 否 | Standard HTTP library, no version constraint needed for this use case |
安全亮点
✓ No shell execution or subprocess usage
✓ No credential harvesting or exfiltration
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No base64, eval, or obfuscated code patterns
✓ No hidden functionality - code matches documentation
✓ External API endpoint is clearly declared (jisuapi.com)
✓ No remote script execution (curl|bash, wget|sh)
✓ Version pinning not required - standard API client library (requests)