百家姓查询 - 即刻数据
AdvisoryAudited by Static analysis on May 9, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your API key and surname query are sent to the configured API endpoint; if JIKE_API_BASE_URL is set incorrectly, they could go to an unintended host.
The script reads a Jike AppKey and includes it in the outbound API request. This is purpose-aligned, but the key is sensitive and the endpoint can be changed by an environment variable.
APPKEY_ENV_NAMES = ("JIKE_SURNAME_QUERY_KEY", "JIKE_APPKEY") ... API_BASE_URL = os.environ.get("JIKE_API_BASE_URL", "https://api.jikeapi.cn").rstrip("/") ... urllib.parse.urlencode({**params, 'appkey': appkey})Use a dedicated Jike AppKey, prefer environment or .env storage over passing --key on the command line, and leave JIKE_API_BASE_URL unset unless you trust the alternate endpoint.