银行卡三要素核验 - 聚合数据

This skill does what it says: it collects bank card number, name, and ID number and sends them to juhe.cn for verification. Before installing or using it, consider: (1) Privacy/consent — you must have the user's explicit consent to submit their PII to a third party and comply with local regulations. (2) Transport security — the script uses an http API URL; that can expose API keys and PII in transit and to intermediaries or logs. Prefer an HTTPS endpoint (check juhe.cn docs) or a provider that guarantees TLS. (3) API key handling — store JUHE_BANKCARD3_KEY in a restricted environment variable or secret store; avoid committing .env files to repos. (4) Batch data — if you use CSV batch mode, ensure files with PII are stored and deleted securely. (5) Rate limits and billing — the provider may limit calls or charge for usage; handle error codes accordingly. If you need the skill to never transmit raw identifiers, request a design change (e.g., hashed/local-only checks) or confirm the provider's encryption and logging policies. If you want, I can draft a safer configuration checklist or show how to modify the script to use HTTPS and avoid sending the key in the URL query string.