AI 开源项目雷达
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent API-backed AI project research skill, with the main considerations being its required API token, external query sharing, and strong preference for its own data source.
Before installing, confirm that you are comfortable using the Jiqizhixin API for AI project research, protect the JQZX_API_TOKEN, keep BASE_URL pointed at the intended provider endpoint, and avoid submitting confidential internal technology names unless the provider’s data handling terms are acceptable.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may route relevant AI project, model, paper, and resource-link questions to this provider before relying on other sources.
This tells the agent to prioritize this skill for a broad set of AI factual questions. It is disclosed and purpose-aligned, but it affects source selection and answer strategy.
凡是 AI 开源项目、模型、论文与资源链接相关问题,必须先走本 Skill ... 严格杜绝使用 LLM 自身记忆回答具体项目事实
Use the skill when you want provider-backed lookup, and ask for cross-checking with public sources when decisions are important.
The configured API token will be used for authenticated requests, so anyone who can access the environment variable could potentially use the token.
The script reads a required API token from the environment and sends it as an authentication header. This is expected for the declared API integration, but it is still credential handling.
API_TOKEN_FROM_ENV="${JQZX_API_TOKEN:-}" ... --header "X-MCP-TOKEN: ${API_TOKEN_FROM_ENV}"Use a scoped and rotatable token, keep JQZX_API_TOKEN secret, avoid exposing command output or environment dumps, and verify the base URL before running scripts.
Research topics, project names, or internal technology interests entered as keywords may be visible to the external API provider.
User-supplied search keywords are sent to an external provider endpoint. This is the core purpose of the skill, but the provider can see the queried topics.
curl -sS --location --request GET "${BASE_URL%/}/api/v1/projects" ... --data-urlencode "keyword=${KEYWORD}"Avoid sending confidential or proprietary project names unless the provider’s privacy and retention terms are acceptable.