扫描报告
5 /100
Stock Historical Data Query / 股票历史行情查询
查询股票历史日线数据、K线及走势分析,基于极速数据(JisuAPI)平台
Clean, well-documented stock history query skill that only makes API calls to api.jisuapi.com using the user-provided JISU_API_KEY for declared stock data functionality.
可以安装
No action needed. The skill is safe to use.
安全发现 2 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | API key placeholder in documentation | SKILL.md:25 |
| 低危 | requests library version not pinned | stockhistory.py:10 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 网络访问 | READ | READ | ✓ 一致 | stockhistory.py:31 — requests.get(url, params=all_params, timeout=10) |
| 环境变量 | READ | READ | ✓ 一致 | stockhistory.py:113 — os.getenv('JISU_API_KEY') |
| 文件系统 | NONE | NONE | — | No file operations — only stdout printing |
| 命令执行 | NONE | NONE | — | No subprocess or shell execution |
1 高危 4 项发现
高危 API 密钥 疑似硬编码凭证
API_KEY="your_appkey_here" SKILL.md:25 中危 外部 URL 外部 URL
https://www.jisuapi.com/ SKILL.md:9 中危 外部 URL 外部 URL
https://www.jisuapi.com/api/stockhistory/ SKILL.md:18 中危 外部 URL 外部 URL
https://api.jisuapi.com/stockhistory stockhistory.py:14 目录结构
2 文件 · 11.5 KB · 342 行 Markdown 1f · 203L
Python 1f · 139L
├─
SKILL.md
Markdown
└─
stockhistory.py
Python
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
requests | unpinned | import | 否 | Used for HTTP API calls; version not pinned — recommend adding requirements.txt |
安全亮点
✓ No subprocess, shell, or system command execution
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env files)
✓ No data exfiltration or credential theft
✓ No base64, eval, or obfuscated code patterns
✓ No hidden functionality — code matches documented behavior exactly
✓ No reverse shell, C2, or external IP callbacks
✓ API key is only used to authenticate with the declared JisuAPI endpoint
✓ Input validation present for required parameters (code, classid)
✓ Error handling covers network failures, non-200 responses, and invalid JSON
✓ Clean, focused implementation with no dependency on suspicious libraries