Low risk — risk score 10/100
Last scanned: 2 days ago
Trademark Information Inquiry - 商标信息查询
Trademark keyword search and detail lookup (applicant, classification, announcements, etc.)
A straightforward trademark lookup skill using a legitimate third-party API (JisuAPI) with no malicious behavior detected. The sole flagged IOC is a documentation placeholder string, not actual hardcoded credentials.
Skill name: Trademark Information Inquiry - 商标信息查询
Analysis time: 23.7s
Engine: pi
OK to install
No action required. The skill is safe to use. Consider pinning the 'requests' library version in a requirements.txt for reproducible builds.

Security findings: 2

Severity / Finding / Location
Low
Documentation example uses placeholder credential string
SKILL.md line 24 shows 'API_KEY="your_appkey_here"' as a usage example. This is a common documentation pattern and not actual embedded credentials.
export JISU_API_KEY="your_appkey_here"
→ Consider using a more explicit placeholder format like '<YOUR_API_KEY>' to avoid confusion with actual credential patterns.
SKILL.md:24
Low
No dependency pinning
The 'requests' library is imported without version constraints. No requirements.txt exists.
import requests
→ Add a requirements.txt with pinned versions for reproducible builds: requests>=2.28.0
trademark.py:7
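| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Network access | READ | READ | ✓ Consistent | trademark.py:17 — makes GET requests to api.jisuapi.com |
| Environment variables | READ | READ | ✓ Consistent | trademark.py:107 — reads JISU_API_KEY via os.getenv |
| File system | NONE | NONE | | No file I/O operations in trademark.py |
| Command execution | NONE | NONE | | No subprocess/os.system calls in trademark.py |
| Skill invocation | NONE | NONE | | No skill invocation chains |
| Clipboard | NONE | NONE | | No clipboard access |
| Browser | NONE | NONE | | No browser automation |
| Database | NONE | NONE | | No database access |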
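1 high severity, 6 findings

| Severity | Type | Description | Value | Location |
|---|---|---|---|---|
| High | API key | Suspected hardcoded credential | API_KEY="your_appkey_here" | SKILL.md:24 |
| Medium | External URL | External URL | https://www.jisuapi.com/ | SKILL.md:9 |
| Medium | External URL | External URL | https://www.jisuapi.com/api/trademark/ | SKILL.md:17 |
| Medium | External URL | External URL | http://api.jisuapi.com/trademark/upload/201807/31173651574910.jpg | SKILL.md:109 |
| Medium | External URL | External URL | http://api.jisuapi.com/trademark/upload/201807/29194006862201.jpg | SKILL.md:134 |
| Medium | External URL | External URL | https://api.jisuapi.com/trademark | trademark.py:14 |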

Directory structure

2 files · 11.0 KB · 350 lines
Markdown 1f · 198L Python 1f · 152L
├─ 📝 SKILL.md Markdown 198L · 7.1 KB
└─ 🐍 trademark.py Python 152L · 3.9 KB

Dependency analysis: 1 item

| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| requests | not specified | pip | | No version pinning — recommend adding requirements.txt with pinned version |

Security highlights

✓ No shell execution (subprocess, os.system, etc.)
✓ No file writes or filesystem manipulation
✓ No credential harvesting beyond the declared JISU_API_KEY
✓ No network exfiltration or data theft patterns
✓ No obfuscation techniques (base64, eval, etc.)
✓ Clean, simple implementation focused solely on API calls
✓ Basic input validation for required parameters
✓ Proper error handling with status code and JSON validation