AI 行业资讯雷达
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a straightforward AI-news lookup skill using a declared API token and curl helpers, with no evidence of hidden persistence, destructive actions, or unrelated data access.
This skill looks safe to install if you are comfortable using the Jiqizhixin AI-news API. Configure only the required JQZX_API_TOKEN, keep BASE_URL pointed at a trusted endpoint, avoid searching with secrets, and ask the agent to cite returned article IDs or titles.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
For AI industry questions, the agent may prefer calling this external news service instead of answering from built-in knowledge.
The skill gives a broad tool-priority instruction for AI industry questions. This is aligned with the stated goal of avoiding stale factual answers, but it does influence when the agent should use the tool.
凡是 AI 行业资讯问题,必须先走本 Skill 的检索与详情流程 ... 严格杜绝使用 LLM 自身记忆回答具体事实
Use the skill when fresh, cited news is desired, and ask the agent to explain the search window and cited article IDs or titles.
Search keywords, date filters, and pagination choices are sent to the configured news API.
The helper script performs an external GET request using user-provided search parameters. This is central to the news-search purpose and uses URL encoding for query values.
curl -sS --location --request GET "${BASE_URL%/}/api/v1/articles" ... --data-urlencode "keyword=${KEYWORD}"Avoid putting private or secret information into search keywords unless you are comfortable sending it to the configured provider.
The configured API token can authorize calls to the provider service, and it would be sent to any endpoint selected through BASE_URL.
The script sends the declared JQZX_API_TOKEN as an authentication header to the configured API base URL. The default endpoint matches the documented service, but the BASE_URL environment override means users should keep that endpoint trusted.
BASE_URL="${BASE_URL:-https://mcp.applications.jiqizhixin.com}" ... --header "X-MCP-TOKEN: ${API_TOKEN_FROM_ENV}"Use a scoped token if available, keep JQZX_API_TOKEN private, rotate it if exposed, and do not set BASE_URL to an untrusted host.