Scan Report
5 /100
Base Station / Cell Query - 基站查询
根据移动/联通/电信基站参数查询大致位置(经纬度与地址)
Legitimate cell tower location query skill that makes a single authenticated API call to JisuAPI; no suspicious behavior detected.
Safe to install
No action needed. This is a benign API integration skill.
Findings 1 items
| Severity | Finding | Location |
|---|---|---|
| Info | API Key Placeholder in Documentation | SKILL.md:25 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | READ | ✓ Aligned | cell.py reads sys.argv only; no file writes |
| Network | READ | READ | ✓ Aligned | cell.py:66 makes single GET to api.jisuapi.com/cell/query as documented |
| Environment | READ | READ | ✓ Aligned | cell.py:90 reads JISU_API_KEY for API authentication only |
| Shell | NONE | NONE | — | No subprocess or shell execution detected |
1 High 4 findings
High API Key 疑似硬编码凭证
API_KEY="your_appkey_here" SKILL.md:25 Medium External URL 外部 URL
https://www.jisuapi.com/ SKILL.md:9 Medium External URL 外部 URL
https://www.jisuapi.com/api/cell/ SKILL.md:14 Medium External URL 外部 URL
https://api.jisuapi.com/cell/query cell.py:14 File Tree
2 files · 9.0 KB · 257 lines Markdown 1f · 141L
Python 1f · 116L
├─
cell.py
Python
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
requests | unspecified | pip | No | Standard HTTP library; no version pinned but no vulnerability concerns for this use case |
Security Positives
✓ Single, well-defined API endpoint to legitimate JisuAPI service
✓ Input validation for required parameters (mnc, lac, cellid)
✓ No credential exfiltration - API key used only for authentication
✓ No shell execution or subprocess usage
✓ No filesystem write operations
✓ No hidden functionality - code is straightforward
✓ Explicit error handling for network failures and invalid JSON
✓ Clear documentation matches actual implementation