AI 企业画像
PassAudited by ClawScan on May 1, 2026.
Overview
This skill coherently queries a disclosed AI enterprise data API with a declared API token and shows no evidence of hidden persistence, destructive behavior, or unrelated data access.
This appears safe for its stated purpose: AI enterprise research using Jiqizhixin’s data API. Before installing, make sure you are comfortable sending search keywords to that service, keep JQZX_API_TOKEN secret, and do not override BASE_URL unless you trust the alternative endpoint.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
AI-company factual questions may be routed through this skill and its provider-backed API.
This instruction makes the skill the preferred path for a broad class of AI enterprise fact questions. It is disclosed and aligned with the stated purpose, but it can drive external lookups instead of local model answers.
凡是 AI 企业背景、团队、融资、竞争分析问题,必须先走本 Skill ... 严格杜绝使用 LLM 自身记忆回答具体企业事实与时间敏感信息
Use it for provider-backed AI enterprise research, and avoid using it for unrelated or confidential queries you do not want sent to the service.
The configured API token will be sent to the selected endpoint when enterprise searches are run.
The script reads the declared API token from the environment and sends it as an authentication header to the configured API endpoint. This is expected for the service, but the token is a sensitive credential and BASE_URL is environment-overridable.
BASE_URL="${BASE_URL:-https://mcp.applications.jiqizhixin.com}" ... API_TOKEN_FROM_ENV="${JQZX_API_TOKEN:-}" ... --header "X-MCP-TOKEN: ${API_TOKEN_FROM_ENV}"Keep JQZX_API_TOKEN private, use the default trusted endpoint unless you intentionally change it, and avoid running the script in an untrusted environment.
There is no artifact evidence of a malicious installer, but users have limited provenance information about who originally authored the skill.
The artifact set includes the runnable script and no remote installer, but the registry source/provenance is not identified.
Source: unknown ... No install spec — this is an instruction-only skill. ... scripts/query_enterprises.sh
Review the included script and install only if you trust the registry entry and the Jiqizhixin data-service integration.