Skill v1.0.0
ClawScan security
ISBN图书查询 - 即刻数据 (ISBN Book Lookup, Jike Data) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 29, 2026, 5:36 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly does what it says (query an ISBN via jikeapi.cn) but contains small inconsistencies that could let network calls be redirected or use undeclared environment variables. Review before installing.
- Guidance: This skill appears to be an honest wrapper for the jikeapi.cn ISBN lookup, but review these points before installing:
  1. Keep your AppKey secret; the skill will send it in a query to the API.
  2. The script supports an undocumented JIKE_API_BASE_URL environment variable that can redirect traffic to another host. If you install, ensure that variable is not set to an untrusted URL in your environment.
  3. The script will try to read a .env file in its directory for the key. Check that file before running to avoid leaking other local secrets.
  4. If you want higher assurance, run the script in an isolated environment or inspect/host the code yourself, and confirm the API responses come from api.jikeapi.cn.
Review Dimensions
- Purpose & Capability
  - ok: Name, description, included script, and declared requirement (python3 + an AppKey) align: the script validates an ISBN and calls the jikeapi.cn ISBN endpoint to return book metadata.
- Instruction Scope
  - concern: SKILL.md instructs the agent to call the provided API and run the included script, which it does. However, the script reads an additional environment variable (JIKE_API_BASE_URL) to override the API host and also attempts to load a local .env file; neither behavior is declared in the registry metadata. An undeclared endpoint override is a scope-creep risk because it can redirect outbound requests to arbitrary hosts.
- Install Mechanism
  - ok: This is an instruction-only skill with no install spec; no code is automatically downloaded or installed beyond the included script files.
- Credentials
  - note: The skill declares a single primary credential (JIKE_BOOK_ISBN_QUERY_KEY), which is appropriate. The script also accepts JIKE_APPKEY (documented in SKILL.md), a minor metadata mismatch, and respects an undocumented JIKE_API_BASE_URL env var that can change the request destination. The extra, undocumented env var is the main proportionality concern.
- Persistence & Privilege
  - ok: The skill does not request persistent presence (always is false) and does not modify other skills or system configs. It only performs an outbound HTTP request at runtime.
