Security audit

Bank Branch and Interbank Number Lookup - 即刻数据

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward bank-branch lookup skill that uses a third-party API, with privacy and API-key handling caveats but no evidence of hidden or destructive behavior.

Install only if you trust jikeapi.cn and are comfortable sending bank and branch search terms to that service. Prefer setting the AppKey in the documented environment variable rather than on the command line, avoid putting unrelated secrets in the script directory .env file, and do not set JIKE_API_BASE_URL unless you intentionally point it at a trusted endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tainted flow: 'url' from os.environ.get (line 173, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
"""
    url = f"{API_BASE_URL}{API_PATH_MAP[command]}?{urllib.parse.urlencode({**params, 'appkey': appkey})}"
    try:
        with urllib.request.urlopen(url, timeout=15) as response:
            return json.loads(response.read().decode("utf-8"))
    except urllib.error.HTTPError as exc:
        return {"code": exc.code, "message": f"接口请求失败: HTTP {exc.code}", "data": ""}
Confidence
93% confidence
Finding
with urllib.request.urlopen(url, timeout=15) as response:

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill sends user-supplied banking queries to a third-party API service but does not clearly warn users that their search terms and possibly sensitive financial context will be transmitted externally. Even if the data is not highly secret by default, branch/location queries can contain personal or business banking intent, creating privacy and compliance risk when shared without explicit disclosure.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The AppKey is appended to the URL query string, which is commonly exposed in logs, proxy records, browser/history artifacts, monitoring systems, and error traces. Even over HTTPS, query-string secrets are more likely to be retained or disclosed than credentials sent in an Authorization header or request body.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.