手机号码归属地查询 - 即刻数据
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who obtains the AppKey could potentially use the associated Jike API quota or access.
The skill uses a provider AppKey, either from an environment variable or command-line argument, which is expected for this API integration but should be protected.
export JIKE_MOBILE_KEY=你的AppKey ... python3 scripts/mobile_lookup.py --key 你的AppKey 17611491111
Prefer environment-variable or secret-manager storage, avoid passing real keys on shared command lines, and do not commit scripts/.env or keys to repositories.
The provider endpoint receives the full phone number being queried and the AppKey, even though normal text output masks the number for display.
The script sends the full queried phone number and AppKey to the configured API endpoint; by default this is Jike API, but an environment variable can override the base URL.
API_BASE_URL = os.environ.get("JIKE_API_BASE_URL", "https://api.jikeapi.cn").rstrip("/") ... urllib.parse.urlencode({"mobile": mobile, "appkey": appkey})Only query numbers the user intends to send to Jike API, review the provider’s data handling terms, and ensure JIKE_API_BASE_URL is unset or points to a trusted endpoint.