车牌号码归属地 - 即刻数据
PassAudited by ClawScan on May 9, 2026.
Overview
This is a straightforward vehicle-plate lookup skill that uses a Jike API key and sends the queried plate or prefix to Jike’s API, with no hidden persistence or destructive behavior found.
Before installing, make sure you are comfortable sending queried plate numbers or prefixes to Jike’s API and storing a Jike AppKey in your environment. Keep the key secret and check that no untrusted JIKE_API_BASE_URL override is present.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your Jike AppKey and the plate or prefix you query are transmitted to the external API service; if JIKE_API_BASE_URL is set, the destination can be changed from the default Jike endpoint.
The script uses an API credential and sends it with the user’s plate query to the configured API endpoint. This is purpose-aligned and disclosed, but it is still credential use that users should notice.
API_BASE_URL = os.environ.get("JIKE_API_BASE_URL", "https://api.jikeapi.cn").rstrip("/") ... urllib.parse.urlencode({'plate_number': plate_number, 'appkey': appkey})Use a dedicated Jike AppKey, keep it private, prefer environment variables over passing it on the command line on shared systems, and ensure JIKE_API_BASE_URL is unset or points only to a trusted endpoint.