ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Juhe Telephone Verify

核验手机号码、姓名、身份证号三要素是否匹配(运营商实名认证)。支持查询运营商、省份、城市信息。Use when user needs to verify Chinese phone number + name + ID card match (telecom real-name authentication).

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 38 · 0 current installs · 0 all-time installs
by@xwzgit
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name, description, SKILL.md, references/api.md, and the Python script all target Juhe's telecom three-element verification API (https://v.juhe.cn/telecom/query). Requesting a Juhe API key is appropriate for the described functionality. However, the registry metadata and SKILL.md contain inconsistent environment variable names (see environment_proportionality), which is an implementation error that affects the declared purpose.
Instruction Scope
Runtime instructions are limited to reading an API key from ~/.openclaw/openclaw.json or the JUHE_TELEPHONE_VERIFY_KEY environment variable and calling the Juhe API. The script prints the input name/ID/phone in its output (privacy-sensitive). There is no evidence of hidden endpoints or exfiltration beyond the legitimate Juhe API call. SKILL.md includes a privacy warning but the code will echo sensitive inputs to stdout, so users should be cautious about logs.
Install Mechanism
This is instruction-only with an included Python script (no install spec). It requires python3 (declared) and imports the 'requests' library, but 'requests' is not declared in the metadata or install instructions — this omission can cause runtime failures. No downloaded code from remote URLs or other high-risk install behavior is present.
!
Credentials
Only a single API credential is appropriate. But there is a critical inconsistency: the registry/metadata and SKILL.md metadata declare JUHE_TELEPHON_VERIFY_KEY (missing 'E'), while the SKILL.md configuration instructions and the script read JUHE_TELEPHONE_VERIFY_KEY. The manifest's required env var (JUHE_TELEPHON_VERIFY_KEY) does not match what the code actually looks up, which can lead to missing-key failures or accidental exposure if users set the wrong variable. No other unrelated credentials are requested.
Persistence & Privilege
The skill does not request persistent or elevated privileges. always is false, it is user-invocable, and it does not modify other skills or system-wide settings. It only reads a user-local config file (~/.openclaw/openclaw.json) and env vars.
What to consider before installing
This skill appears to implement the stated Juhe telecom verification API, but do not install blindly. Before using: 1) Fix or verify the environment variable name — the code expects JUHE_TELEPHONE_VERIFY_KEY but the manifest lists JUHE_TELEPHON_VERIFY_KEY; set the correct variable or update the skill manifest. 2) Ensure the Python environment has the 'requests' package installed (pip install requests) or the script will fail. 3) Only provide a Juhe API key you trust and store it securely in ~/.openclaw/openclaw.json or as the environment variable; verify the file permissions so logs/configs don't leak it. 4) Be aware the script prints the provided name, ID, and mobile to stdout (sensitive); avoid running where outputs are logged or shared. 5) If you need higher assurance, review the script source yourself or run it in an isolated environment; the env-var mismatch is likely a typo but should be corrected before relying on the skill.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97518r9c4vwf6wqqh11f4n1q183fz0d

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📞 Clawdis
Binspython3
EnvJUHE_TELEPHON_VERIFY_KEY
Primary envJUHE_TELEPHON_VERIFY_KEY

SKILL.md

手机号码三要素核验

核验手机号码、姓名、身份证号三要素是否匹配,返回核验结果及运营商信息。

配置

~/.openclaw/openclaw.jsonenv.vars 中配置:

"JUHE_TELEPHONE_VERIFY_KEY": "你的 API Key"

获取 API Key: https://www.juhe.cn/ → 搜索"运营商三要素核验" → 个人中心 → 我的数据

使用

直接调用: 提供姓名、身份证号、手机号

"核验张三的三要素,身份证 44030419900101001X,手机 13800000000"

命令行:

python3 scripts/telephone_verify.py --mobile "13800000000" --name "张三" --idcard "44030419900101001X"

参数

参数必填说明
mobile手机号码
realname真实姓名
idcard身份证号码

结果

结果码说明
1✅ 三要素一致
2❌ 三要素不一致
220803查询无此记录
220807-220809参数格式错误

成功响应:

{
  "error_code": 0,
  "result": {
    "res": 1,
    "resmsg": "三要素身份验证一致",
    "type": "电信",
    "province": "江苏省",
    "city": "苏州市"
  }
}

注意

  • 隐私信息敏感,使用后及时清理
  • 仅用于合法合规场景
  • 详见 references/api.md 完整文档

Files

3 total
Select a file
Select a file to preview.

Comments

Loading comments…