by 安全扫描
OpenClaw
安全
high confidenceNULL
评估建议
This skill appears coherent and limited to Juhe IP lookups. Before installing: (1) only provide a Juhe API key with appropriate scope — do not reuse high-privilege keys; (2) be aware the current code calls the API over HTTP and passes the key in the URL (risk of interception and logging); prefer switching the API_URL to https://apis.juhe.cn/ip/ipNewV3 if supported; (3) ensure the requests library is installed in a controlled environment; (4) if you allow autonomous agent invocation, know the age...详细分析 ▾
✓ 用途与能力
Name/description (IP归属查询) align with required items: python3 runtime and a Juhe API key. The single code file implements exactly an HTTP call to the Juhe IP lookup endpoint and returns the result.
ℹ 指令范围
SKILL.md instructs installing requests, setting JUHE_API_KEY, and running the script — which matches the code. The script makes an outbound request only to apis.juhe.cn. One security note: the code uses an http:// URL (not HTTPS) and sends the API key as a query parameter, which can expose the key in transit or in server logs; consider switching to HTTPS or using a POST with the key in the body if supported.
✓ 安装机制
No install spec (instruction-only) and only an external Python dependency (requests) is suggested in SKILL.md. There are no downloaded/executed archives or third-party installers.
✓ 凭证需求
The only required environment variable is JUHE_API_KEY (declared as primary), which the skill needs to call the Juhe API. No unrelated credentials, config paths, or secrets are requested.
✓ 持久化与权限
always is false and the skill does not request persistent system-wide changes or modify other skills' configs. It only performs normal outbound API calls when invoked.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.12026/3/19
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install ip-new
镜像加速npx clawhub@latest install ip-new --registry https://cn.longxiaskill.com镜像同步中