Base Station / Cell Query - 基站查询安全扫描报告 — 可信 | ClawSafe

5 /100

Base Station / Cell Query - 基站查询

根据移动/联通/电信基站参数查询大致位置（经纬度与地址）

Legitimate cell tower location query skill that makes a single authenticated API call to JisuAPI; no suspicious behavior detected.

技能名称Base Station / Cell Query - 基站查询

分析耗时23.9s

引擎pi

✓

可以安装

No action needed. This is a benign API integration skill.

安全发现 1 项

严重性	安全发现	位置
提示	API Key Placeholder in Documentation SKILL.md:25 shows 'export JISU_API_KEY=your_appkey_here' which is a clearly labeled placeholder requiring user configuration, not a hardcoded credential. `export JISU_API_KEY="your_appkey_here"` → This is acceptable documentation practice. No action needed.	`SKILL.md:25`

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`READ`	✓ 一致	cell.py reads sys.argv only; no file writes
网络访问	`READ`	`READ`	✓ 一致	cell.py:66 makes single GET to api.jisuapi.com/cell/query as documented
环境变量	`READ`	`READ`	✓ 一致	cell.py:90 reads JISU_API_KEY for API authentication only
命令执行	`NONE`	`NONE`	—	No subprocess or shell execution detected

1 高危 4 项发现

🔑

高危 API 密钥疑似硬编码凭证

API_KEY="your_appkey_here"

SKILL.md:25

🔗

中危外部 URL 外部 URL

https://www.jisuapi.com/

SKILL.md:9

🔗

中危外部 URL 外部 URL

https://www.jisuapi.com/api/cell/

SKILL.md:14

🔗

中危外部 URL 外部 URL

https://api.jisuapi.com/cell/query

cell.py:14

2 文件 · 9.0 KB · 257 行

Markdown 1f · 141L Python 1f · 116L

├─ 🐍 cell.py Python 116L · 2.8 KB

└─ 📝 SKILL.md Markdown 141L · 6.1 KB

包名	版本	来源	已知漏洞	备注
`requests`	`unspecified`	pip	否	Standard HTTP library; no version pinned but no vulnerability concerns for this use case

✓ Single, well-defined API endpoint to legitimate JisuAPI service

✓ Input validation for required parameters (mnc, lac, cellid)

✓ No credential exfiltration - API key used only for authentication

✓ No shell execution or subprocess usage

✓ No filesystem write operations

✓ No hidden functionality - code is straightforward

✓ Explicit error handling for network failures and invalid JSON

✓ Clear documentation matches actual implementation