Zodiac Sign Query - Jike Data

Pass

Audited by VirusTotal on May 9, 2026.

Overview

Type: OpenClaw Skill
Name: jike-zodiac-sign-query
Version: 1.0.0

The skill bundle is a standard implementation for querying zodiac sign information from the Jike API (jikeapi.cn). The script `scripts/zodiac_sign_query.py` uses Python's standard library to perform authenticated API requests and format the output, with no evidence of malicious behavior, data exfiltration, or prompt injection.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The user must provide an API key, and that key is used to access the Jike service.

Why it was flagged

The skill reads a Jike API key from CLI/environment/.env sources and includes it in the API request. This is necessary for the declared integration and there is no evidence of unrelated credential use or logging.

Skill content

APPKEY_ENV_NAMES = ("JIKE_ZODIAC_SIGN_QUERY_KEY", "JIKE_APPKEY")
...
urllib.parse.urlencode({**params, 'appkey': appkey})

Recommendation

Use a dedicated Jike API key with the minimum needed access, prefer environment variables over command-line --key when possible, and avoid sharing logs or command history containing the key.

What this means

If an unexpected JIKE_API_BASE_URL is present in the environment, the query and AppKey could be sent somewhere other than Jike's default API host.

Why it was flagged

The default endpoint is the disclosed Jike API, but the code also allows an environment variable to override the base URL, which would redirect the zodiac query and AppKey if set.

Skill content

API_BASE_URL = os.environ.get("JIKE_API_BASE_URL", "https://api.jikeapi.cn").rstrip("/")

Recommendation

Before using the skill, ensure JIKE_API_BASE_URL is unset or set only to a trusted Jike-compatible endpoint.