ClawHub

VIN车辆 车型解析 API

v1.0.3

使用积智数据 VIN 车型解析 API,通过 17 位 VIN 车架号查询车辆的车型信息:如品牌、车型、车系、年款、销售类型、发动机、变速箱等信息。

0· 119·0 current·0 all-time
byJu Yuan@polaris2013
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the actual behavior: the script sends the provided VIN and JZ_API_KEY to the documented endpoint (https://erp.qipeidao.com/jzOpenClaw/getVinCarType) and returns the API response. Requested env var (JZ_API_KEY) is appropriate for this API.
Instruction Scope
SKILL.md instructs running the included Python script with a VIN and using JZ_API_KEY; the script performs only VIN validation and a single POST to the declared endpoint. Minor inconsistencies: SKILL.md says the script outputs the 'model' field but the script prints the whole JSON response; the argument-count check in main() is buggy (it checks len(sys.argv) < 1 but then reads sys.argv[1]) which may cause a runtime error but is not malicious.
Install Mechanism
No install spec (instruction-only) which minimizes risk. The Python script depends on the 'requests' library but there is no guidance to install it; this is an operational omission, not a malicious install. No downloads from untrusted URLs or archive extraction are present.
Credentials
Only a single API key (JZ_API_KEY) is required and used to call the stated external API. No other credentials, system paths, or unrelated environment variables are requested or accessed.
Persistence & Privilege
Skill does not request persistent or elevated privileges; always:false and it does not modify other skills or system configuration. It performs a single outbound API call when invoked.
Assessment
This skill appears to do exactly what it claims: call the stated VIN API using JZ_API_KEY. Before installing, ensure you trust the API provider (erp.qipeidao.com) and are comfortable supplying your JZ_API_KEY. Make sure Python and the 'requests' package are installed on your agent environment (pip install requests). Note the small bugs/inconsistencies (argument check and difference between documented vs actual printed fields); you may want to test with a non-sensitive VIN first. If you don't recognize or trust the provider, do not reuse credentials elsewhere.

Like a lobster shell, security has layers — review code before you run it.

latestvk973xbb15j8x54vf6cw709f79983jzyj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3
EnvJZ_API_KEY
Primary envJZ_API_KEY

Comments