Hundred Family Surnames (Baijiaxing) Lookup - Jike Data

Pass. Audited by ClawScan on May 9, 2026.

Overview

This is a straightforward surname lookup skill that uses a user-provided Jike API key; no mismatched or hidden harmful behavior was found.

This skill appears safe for its stated purpose. Before installing, make sure you trust Jike API with the surname queries you submit, configure the AppKey carefully, and do not set JIKE_API_BASE_URL unless you intentionally want to send requests to a trusted alternate endpoint.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Your API key and surname query are sent to the configured API endpoint; if JIKE_API_BASE_URL is set incorrectly, they could go to an unintended host.

Why it was flagged

The script reads a Jike AppKey and includes it in the outbound API request. This is purpose-aligned, but the key is sensitive and the endpoint can be changed by an environment variable.

Skill content

APPKEY_ENV_NAMES = ("JIKE_SURNAME_QUERY_KEY", "JIKE_APPKEY")
...
API_BASE_URL = os.environ.get("JIKE_API_BASE_URL", "https://api.jikeapi.cn").rstrip("/")
...
urllib.parse.urlencode({**params, 'appkey': appkey})

Recommendation

Use a dedicated Jike AppKey, prefer environment or .env storage over passing --key on the command line, and leave JIKE_API_BASE_URL unset unless you trust the alternate endpoint.