warn
suspicious.insecure_tls_verification
- Location
- scripts/train_query.js:21
- Finding
- HTTPS certificate verification is disabled.
12306 Train Query
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.insecure_tls_verification
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
ConcernHigh Confidence
ASI02: Tool Misuse and ExploitationWhat this means
Someone able to intercept the network connection could modify train station or availability results, potentially misleading travel decisions.
Why it was flagged
The script disables HTTPS certificate verification when fetching 12306 station data, and the ticket-query options also set rejectUnauthorized: false. This makes the external data source less trustworthy.
Skill content
https.get(url, { rejectUnauthorized: false }, (res) => {Recommendation
Remove rejectUnauthorized: false and use normal HTTPS certificate validation. Avoid using this script for account login or purchases unless the TLS handling is fixed.