Low Risk — Risk Score 10/100
Last scan: 2 days ago
Trademark Information Inquiry - 商标信息查询
Trademark keyword search and detail lookup (applicant, classification, announcements, etc.)
A straightforward trademark lookup skill using a legitimate third-party API (JisuAPI) with no malicious behavior detected. The sole flagged IOC is a documentation placeholder string, not actual hardcoded credentials.
Skill Name: Trademark Information Inquiry - 商标信息查询
Duration: 23.7s
Engine: pi
Safe to install
No action required. The skill is safe to use. Consider pinning the 'requests' library version in a requirements.txt for reproducible builds.

Findings 2 items

Severity Finding Location
Low
Documentation example uses placeholder credential string
SKILL.md line 24 shows 'API_KEY="your_appkey_here"' as a usage example. This is a common documentation pattern and not actual embedded credentials.
export JISU_API_KEY="your_appkey_here"
→ Consider using a more explicit placeholder format like '<YOUR_API_KEY>' to avoid confusion with actual credential patterns.
SKILL.md:24
Low
No dependency pinning
The 'requests' library is imported without version constraints. No requirements.txt exists.
import requests
→ Add a requirements.txt with pinned versions for reproducible builds: requests>=2.28.0
trademark.py:7
Resource Declared Inferred Status Evidence
Network READ READ ✓ Aligned trademark.py:17 — makes GET requests to api.jisuapi.com
Environment READ READ ✓ Aligned trademark.py:107 — reads JISU_API_KEY via os.getenv
Filesystem NONE NONE No file I/O operations in trademark.py
Shell NONE NONE No subprocess/os.system calls in trademark.py
Skill Invoke NONE NONE No skill invocation chains
Clipboard NONE NONE No clipboard access
Browser NONE NONE No browser automation
Database NONE NONE No database access
1 High 6 findings
High API Key (suspected hardcoded credential)
API_KEY="your_appkey_here"
SKILL.md:24
Medium External URL
https://www.jisuapi.com/
SKILL.md:9
Medium External URL
https://www.jisuapi.com/api/trademark/
SKILL.md:17
Medium External URL
http://api.jisuapi.com/trademark/upload/201807/31173651574910.jpg
SKILL.md:109
Medium External URL
http://api.jisuapi.com/trademark/upload/201807/29194006862201.jpg
SKILL.md:134
Medium External URL
https://api.jisuapi.com/trademark
trademark.py:14

File Tree

2 files · 11.0 KB · 350 lines
Markdown 1f · 198L Python 1f · 152L
├─ 📝 SKILL.md Markdown 198L · 7.1 KB
└─ 🐍 trademark.py Python 152L · 3.9 KB

Dependencies 1 item

Package Version Source Known Vulns Notes
requests not specified pip No No version pinning — recommend adding requirements.txt with pinned version

Security Positives

✓ No shell execution (subprocess, os.system, etc.)
✓ No file writes or filesystem manipulation
✓ No credential harvesting beyond the declared JISU_API_KEY
✓ No network exfiltration or data theft patterns
✓ No obfuscation techniques (base64, eval, etc.)
✓ Clean, simple implementation focused solely on API calls
✓ Basic input validation for required parameters
✓ Proper error handling with status code and JSON validation