Trusted: risk score 5/100
Last scanned: 2 days ago
upkuajing-company-people-search
Official skill for upkuajing (跨境魔方). Find companies and global people data through API.
This is a legitimate business API wrapper skill for company and people data search. All capabilities are declared in SKILL.md and the code implements straightforward API calls without any malicious behavior.
Skill name: upkuajing-company-people-search
Analysis time: 31.3s
Engine: pi
Safe to install
This skill is safe to use. No additional security controls are required.
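| Resource type | Declared permission | Inferred permission | Status | Evidence |
| --- | --- | --- | --- | --- |
| File system | WRITE | WRITE | ✓ Consistent | scripts/common.py:52 - Creates ~/.upkuajing/ directory and .env file for API key… |
| Network access | READ | READ | ✓ Consistent | scripts/common.py:16 - Makes POST requests to https://openapi.upkuajing.com (dec… |
| Environment variables | READ | READ | ✓ Consistent | scripts/common.py:44 - Reads UPKUAJING_API_KEY from environment or ~/.upkuajing/… |
| Command execution | NONE | NONE | | No subprocess or shell execution found in any script |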
4 findings
Medium severity, External URL: https://www.upkuajing.com (SKILL.md:4)
Medium severity, External URL: https://developer.upkuajing.com/ (SKILL.md:88)
Medium severity, External URL: https://www.upkuajing.com/web/openapi/price.html (SKILL.md:93)
Medium severity, External URL: https://openapi.upkuajing.com (scripts/common.py:16)

Directory structure

14 files · 56.2 KB · 1781 lines
Python 7f · 1237L Markdown 6f · 543L Text 1f · 1L
├─ 📁 references
│ ├─ 📝 company-detail-api.md Markdown 43L · 1.3 KB
│ ├─ 📝 company-list-api.md Markdown 101L · 3.7 KB
│ ├─ 📝 contact-api.md Markdown 37L · 1.4 KB
│ ├─ 📝 human-detail-api.md Markdown 47L · 1.3 KB
│ └─ 📝 human-list-api.md Markdown 109L · 3.9 KB
├─ 📁 scripts
│ ├─ 🐍 auth.py Python 177L · 5.2 KB
│ ├─ 🐍 common.py Python 494L · 14.1 KB
│ ├─ 🐍 company_details.py Python 56L · 1.3 KB
│ ├─ 🐍 company_list_search.py Python 193L · 5.9 KB
│ ├─ 🐍 get_contact.py Python 68L · 1.7 KB
│ ├─ 🐍 human_details.py Python 57L · 1.3 KB
│ └─ 🐍 human_list_search.py Python 192L · 5.9 KB
├─ 📄 requirements.txt Text 1L · 14 B
└─ 📝 SKILL.md Markdown 206L · 9.2 KB

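Dependency analysis: 1 item

| Package | Version | Source | Known vulnerabilities | Notes |
| --- | --- | --- | --- | --- |
| httpx | >=0.23.0 | pip | | Modern, secure HTTP client library |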

Security highlights

✓ No shell execution (subprocess) found in any script
✓ No credential harvesting - only handles its own declared API key
✓ No data exfiltration - all network traffic goes to declared API endpoint https://openapi.upkuajing.com
✓ No base64-encoded payloads or obfuscated code
✓ No attempts to access sensitive paths (~/.ssh, ~/.aws, .env files other than its own)
✓ No eval(), exec(), or other dangerous functions
✓ API logging disabled by default (ENABLE_API_LOGGING = False)
✓ Path traversal protection implemented (UUID validation in get_task_dir)
✓ Clean, well-documented code with clear purpose