企查查
by bigxiaoxin · GitHub · v1.2.1
497 Downloads · 0 Stars · 1 Active Installs · 6 Versions
Install in OpenClaw
/install qichacha
Description
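Look up a company's basic information and intellectual property (patents/trademarks/copyrights) by company name; data sourced from 企查查, 天眼查 and others.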
Usage Guidance
Before installing or running this skill:
1) Review qichacha.js yourself (or have someone you trust do so); it contains a hard-coded Tavily API key. Consider removing or rotating that key if you control it.
2) Be aware that running npm install will fetch dependencies and package tarballs (package-lock.json points to HTTP mirrors), which increases the risk of tampered packages. Prefer running in a sandbox or verifying package integrity.
3) If you require guarantees about data handling, prefer skills that ask you to provide your own API credentials (instead of embedding a vendor key) or that call the official public sites directly.
4) If unsure, either do not run npm install at all, or run the script only on an isolated machine/container and monitor outbound network traffic (api.tavily.com).
Capability Analysis
Type: OpenClaw Skill
Name: qichacha
Version: 1.2.1
The skill contains a hardcoded Tavily API key in `qichacha.js`, which is a significant security vulnerability (credential leak). While the script's logic is consistent with its stated purpose of querying enterprise information by using the Tavily search API to aggregate data, the inclusion of static credentials and the use of unencrypted HTTP mirrors in `package-lock.json` (mirrors.tencentyun.com) are high-risk practices.
Capability Assessment
Purpose & Capability
The skill claims to query public company info from sources like 企查查/天眼查; the implementation instead proxies queries through a third‑party service (api.tavily.com). Using an aggregator is plausible, but the code also lists an unused dependency (node‑fetch) in package.json — a minor mismatch but not directly harmful.
Instruction Scope
SKILL.md instructs the agent/user to run npm install and execute qichacha.js — that matches the included code. The README references direct data sources (企查查/天眼查) but the runtime actually sends search queries to Tavily; SKILL.md does not mention this external service or the embedded API key.
Install Mechanism
There is no formal install spec, but SKILL.md tells users to run npm install in the skill directory. package-lock.json records dependencies and resolved tarball URLs that point to mirrors.tencentyun.com via plain HTTP; fetching packages over HTTP increases tampering risk. Also the code does not use the declared dependency (node‑fetch), so npm install will pull unused packages.
Credentials
The skill requests no user credentials, which is reasonable, but it hard‑codes a Tavily API key inside qichacha.js. Embedding a third‑party API key in source is unexpected (and could expose that key or allow the maintainer to observe all queries). The skill does not require or ask for the user's credentials — which reduces direct exfil risk — but the presence of a secret in code is a proportionality/privacy concern.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide settings, and is user-invocable only. It does perform network calls at runtime (to api.tavily.com), which is expected for a lookup skill.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install qichacha
- After installation, invoke the skill by name or use /qichacha
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.2.1
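Added structured output and intellectual property information (patents/trademarks/copyrights)
v1.3.0
Added structured output and intellectual property information (patents/trademarks/copyrights)
v1.2.0
Added structured output and intellectual property information (patents/trademarks/copyrights)
v1.1.0
Removed paid features; currently in free testing
v1.0.1
Fixed ES module compatibility issue
v1.0.0
Initial release: supports lookup by company name, integrates SkillPay billing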
Frequently Asked Questions
What is 企查查?
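It looks up a company's basic information and intellectual property (patents/trademarks/copyrights) by company name; data sourced from 企查查, 天眼查 and others. It is an AI Agent Skill for Claude Code / OpenClaw, with 497 downloads so far.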
How do I install 企查查?
Run "/install qichacha" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is 企查查 free?
Yes, 企查查 is completely free (open-source). You can download, install and use it at no cost.
Which platforms does 企查查 support?
企查查 is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created 企查查?
It is built and maintained by bigxiaoxin (@bigxiaoxin); the current version is v1.2.1.