Scan Report
15 /100
Mobile Phone Number Undeliverable or Empty Detection
批量检测手机号是否空号、实号、沉默号或风险号
Legitimate phone number validation skill using a third-party API with no hidden functionality or malicious behavior.
Safe to install
Skill is safe to use. Ensure JISU_API_KEY is properly secured and not logged in production environments.
Findings 2 items
| Severity | Finding | Location |
|---|---|---|
| Low | API key placeholder in documentation | SKILL.md:23 |
| Low | Unsandboxed HTTP requests | mobileempty.py:29 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | mobileempty.py:29 requests.post(API_URL) |
| Environment | READ | READ | ✓ Aligned | mobileempty.py:70 os.getenv('JISU_API_KEY') |
| Filesystem | NONE | NONE | — | No file operations found |
| Shell | NONE | NONE | — | No subprocess or shell execution |
1 High 4 findings
High API Key 疑似硬编码凭证
API_KEY="your_appkey_here" SKILL.md:23 Medium External URL 外部 URL
https://www.jisuapi.com/ SKILL.md:9 Medium External URL 外部 URL
https://www.jisuapi.com/api/mobileempty/ SKILL.md:16 Medium External URL 外部 URL
https://api.jisuapi.com/mobileempty/query mobileempty.py:14 File Tree
2 files · 7.2 KB · 210 lines Markdown 1f · 121L
Python 1f · 89L
├─
mobileempty.py
Python
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
requests | * | pip | No | No version pinning - consider pinning for reproducibility |
Security Positives
✓ No shell or subprocess execution
✓ No credential harvesting or exfiltration
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No base64, eval, or obfuscated code
✓ No hidden functionality beyond declared API wrapper
✓ Environment variable read is declared and necessary
✓ Network requests are declared in SKILL.md and essential to service