Kuaidi Query

Warn

Audited by ClawScan on May 18, 2026.

Overview

The skill appears to query package tracking as described, but it ships with a real-looking Track123 API key despite saying users should provide their own.

Review and replace config.json before using this skill. The core logistics-query function is coherent, but the bundled API key should not be trusted; use your own Track123 credential and clear the local cache if shipment data is sensitive.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Your tracking queries could be associated with someone else's Track123 account, and the exposed key could be abused, rate-limited, or revoked.

Why it was flagged

The distributed package includes a non-placeholder Track123 credential. The script reads config.json for track123.api_secret, so users may unknowingly authenticate with this bundled key instead of their own.

Skill content

"app_key": "120cb954891a4d9aa1418c7012225afb", "api_secret": "120cb954891a4d9aa1418c7012225afb"

Recommendation

Do not rely on the bundled config.json. Replace it with your own Track123 key before use, and rotate the exposed key if it belongs to you.

What this means

A user may think the skill is safely unconfigured or using only placeholders, while it actually contains a usable-looking credential.

Why it was flagged

The documentation correctly warns that config.json should not be shared, but the package nevertheless includes a config.json containing a real-looking API key. This contradiction can mislead users about the credential state of the installed skill.

Skill content

The API key is a private credential and should not be shared publicly! ... Do not commit `config.json` to a public repository

Recommendation

Publish only config.example.json, remove config.json from the package, and make credential requirements explicit in metadata.

What this means

Shipment details may remain on the local machine after a query until the cache is overwritten or deleted.

Why it was flagged

The skill writes API results to a local cache file. This is aligned with the documented one-hour cache, but cached shipment data may contain tracking numbers, routes, and delivery details.

Skill content

const CACHE_PATH = path.join(SKILL_ROOT, '.cache.json'); ... fs.writeFileSync(CACHE_PATH, JSON.stringify(cache, null, 2));

Recommendation

Use --no-cache for sensitive shipments or delete .cache.json after use if you do not want tracking results retained locally.