Skill v1.0.5

ClawScan security

Train Ticket Inquiry - 火车查询 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 3, 2026, 10:05 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, instructions, and required environment variable are consistent with a train-ticket lookup using the JisuAPI service and do not request unrelated credentials or system access.
Guidance
This skill appears to do what it claims: query JisuAPI for train schedules and ticket availability. Before installing: (1) obtain a JISU_API_KEY from jisuapi.com and set it only for this skill (avoid reusing sensitive keys), (2) ensure the runtime has Python3 and the 'requests' package installed, (3) be aware that queries (start/end/date) are sent to a third-party API over HTTPS — review JisuAPI's privacy/terms if that matters, and (4) rotate the API key if it is ever exposed. If you need offline or local-only behavior, this skill is not suitable because it depends on the external JisuAPI service.

Review Dimensions

Purpose & Capability
ok: Name/description match the actual behavior: the skill calls JisuAPI train endpoints (station2s, line, ticket). It only requires a JISU_API_KEY and python3, which are appropriate for this purpose.
Instruction Scope
ok: SKILL.md tells the agent to run the included Python script with JSON parameters. The instructions do not ask the agent to read unrelated files, access other credentials, or transmit data to unexpected endpoints; network calls go to the documented api.jisuapi.com endpoints.
Install Mechanism
note: There is no install spec (instruction-only with an included script) — low risk. Minor implementation gap: script requires the Python 'requests' library but SKILL.md/metadata do not declare this dependency or provide installation steps.
Credentials
ok: Only one required env var (JISU_API_KEY) is declared and used. That key is the expected credential for calling the third-party API; no unrelated secrets or config paths are requested.
Persistence & Privilege
ok: Skill does not request persistent/always-on presence, does not modify other skills or system configs, and uses no elevated privileges.