Xiehouyu Lookup - Jike Data

Pass

Audited by ClawScan on May 9, 2026.

Overview

This appears to be a straightforward Chinese xiehouyu lookup skill, with the main caveat that it sends your API key and search terms to the configured API endpoint.

Install only if you are comfortable sending your queried keyword and Jike AppKey to the configured Jike API endpoint. Configure the key through the documented environment variable, leave JIKE_API_BASE_URL unset unless you know why you need it, and review your provider account limits.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Your Jike AppKey and any search keyword are sent to the configured API service; if JIKE_API_BASE_URL is set to an untrusted host, the key could be sent there instead.

Why it was flagged

The helper reads a provider AppKey and includes it in the request URL. The default destination is Jike's API, but an environment variable can change the API base URL.

Skill content

APPKEY_ENV_NAMES = ("JIKE_XIEHOUYU_QUERY_KEY", "JIKE_APPKEY")
...
API_BASE_URL = os.environ.get("JIKE_API_BASE_URL", "https://api.jikeapi.cn").rstrip("/")
...
urllib.parse.urlencode({**params, 'appkey': appkey})

Recommendation

Use a scoped Jike API key, keep JIKE_API_BASE_URL unset unless you intentionally trust a different endpoint, and avoid passing --key in shared shell history.