Zodiac Sign Query - Jike Data

Advisory

Audited by Static analysis on May 9, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The user must provide an API key, and that key is used to access the Jike service.

Why it was flagged

The skill reads a Jike API key from CLI/environment/.env sources and includes it in the API request. This is necessary for the declared integration and there is no evidence of unrelated credential use or logging.

Skill content

APPKEY_ENV_NAMES = ("JIKE_ZODIAC_SIGN_QUERY_KEY", "JIKE_APPKEY") ... urllib.parse.urlencode({**params, 'appkey': appkey})

Recommendation

Use a dedicated Jike API key with the minimum needed access, prefer environment variables over command-line --key when possible, and avoid sharing logs or command history containing the key.

What this means

If an unexpected JIKE_API_BASE_URL is present in the environment, the query and AppKey could be sent somewhere other than Jike's default API host.

Why it was flagged

The default endpoint is the disclosed Jike API, but the code also allows an environment variable to override the base URL, which would redirect the zodiac query and AppKey if set.

Skill content

API_BASE_URL = os.environ.get("JIKE_API_BASE_URL", "https://api.jikeapi.cn").rstrip("/")

Recommendation

Before using the skill, ensure JIKE_API_BASE_URL is unset or set only to a trusted Jike-compatible endpoint.