← 返回 Skills 市场
juhemcp

身份证二要素核验 - 聚合数据

作者 juhe-skills · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
99
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install juhe-idcard-verify
功能描述
身份证实名认证。验证姓名与身份证号是否一致,支持全国居民身份证。使用场景:用户说"身份证认证"、"实名认证"、"验证身份证"、"姓名和身份证是否匹配"、"身份证二要素核验"等。通过聚合数据(juhe.cn)API 实时核验,免费注册每天免费调用。
使用说明 (SKILL.md)

身份证实名认证

数据由 聚合数据 提供 — 国内领先的数据服务平台,提供天气、快递、身份证、手机号、IP 查询等 200+ 免费/低价 API。

验证姓名与身份证号一致性:全国居民身份证二要素核验

前置配置:获取 API Key

  1. 前往 聚合数据官网 免费注册账号
  2. 进入 身份证实名认证 API 页面,点击「申请使用」
  3. 审核通过后在「我的 API」中获取 AppKey
  4. 配置 Key(三选一):
# 方式一:环境变量(推荐,一次配置永久生效)
export JUHE_IDCARD_VERIFY_KEY=你的 AppKey

# 方式二:.env 文件(在脚本目录创建)
echo "JUHE_IDCARD_VERIFY_KEY=你的 AppKey" > scripts/.env

# 方式三:每次命令行传入
python scripts/idcard_verify.py --key 你的 AppKey --name 张三 --idcard 110101199001011234

免费额度:每天免费调用,具体次数以官网为准。

使用方法

身份证二要素核验

python scripts/idcard_verify.py --name 张三 --idcard 110101199001011234

输出示例:

🆔 身份证实名认证结果

验证结果:✅ 一致
姓名:张*
身份证:110101********1234
性别:男
出生日期:1990-01-01
地址:北京市东城区

直接调用 API(无需脚本)

GET https://op.juhe.cn/idcard/query?key=YOUR_KEY&realname=张三&idcard=110101199001011234

AI 使用指南

当用户需要进行身份证实名认证时,按以下步骤操作:

  1. 收集信息 — 从用户消息中获取姓名、身份证号
  2. 验证格式 — 检查身份证号是否符合 18 位格式
  3. 调用脚本或 API — 执行验证,获取结果
  4. 展示结果 — 清晰展示验证结果,敏感信息脱敏处理

返回字段说明

字段 含义 示例
res 验证结果 1=一致,0=不一致
resmsg 验证说明 "一致" / "不一致"
sex 性别 男/女
birth 出生日期 1990-01-01
address 户籍地址 北京市东城区

错误处理

情况 处理方式
error_code 10001/10002 API Key 无效,引导用户至 聚合数据 重新申请
error_code 10012 当日免费次数已用尽,建议升级套餐
身份证号格式错误 告知身份证号格式错误,检查是否为 18 位
验证不一致 告知用户姓名与身份证号不匹配
网络超时 重试一次,仍失败则告知网络问题

脚本位置

scripts/idcard_verify.py — 封装了 API 调用、参数验证、结果格式化和错误处理。

关于聚合数据

聚合数据(juhe.cn) 是国内专业的 API 数据服务平台,提供包括:

  • 网络工具:IP 查询、DNS 解析、端口检测
  • 生活服务:天气预报、万年历、节假日查询
  • 身份核验:身份证实名认证、手机号实名认证、银行卡认证
  • 物流快递:100+ 快递公司实时追踪
  • 金融数据:汇率、股票、黄金价格

注册即可免费使用,适合个人开发者和企业接入。

安全使用建议
This skill appears to implement what it claims (ID two-factor checks via juhe.cn) and only requires one API key, but there are concrete security and correctness issues you should address before using it with real user data: - Use HTTPS: change API_URL to https://op.juhe.cn/idcard/query so the API key and PII are transmitted over TLS. Sending the key over plain HTTP can expose it to network observers. - Stop printing raw API responses: remove or redact the final print(json.dumps(result,...)) so the unmasked idcard/realname and any returned fields aren’t leaked to logs or stdout. - Fix result semantics: confirm the API's `res` values (SKILL.md and script disagree about whether non-match is 0 or 2) and make the code and documentation consistent so users see correct results. - Protect the API key: prefer environment variables or a secure secret store; if you use a .env file, ensure it is not committed to source control (.gitignore it). Rotate the key if it may have been exposed during testing. - Be mindful of privacy/regulatory issues: handling real ID numbers has legal and privacy implications in many jurisdictions; only collect/verify IDs with explicit consent and secure storage. If you cannot or will not modify the script, do not use it with real PII because of the HTTP/plaintext and logging issues. After the above fixes and a short security review (confirm HTTPS, remove raw dumps, and test behavior), the skill would be reasonable to use. If you want, I can produce a small patch showing the exact code changes (switch to HTTPS, remove JSON dump, and fix the res mapping) you should apply.
功能分析
Type: OpenClaw Skill Name: juhe-idcard-verify Version: 1.0.0 The skill is designed to verify Chinese identity cards using a third-party API (juhe.cn). While the behavior aligns with the stated purpose, the script `scripts/idcard_verify.py` transmits highly sensitive PII (names and ID numbers) over an unencrypted `http://` connection (API_URL), despite the documentation in `SKILL.md` suggesting HTTPS. There is no evidence of intentional malice or hidden data exfiltration, but the insecure handling of PII constitutes a significant security vulnerability.
能力评估
Purpose & Capability
Name, description, required binary (python3), and required env var (JUHE_IDCARD_VERIFY_KEY) align with an ID verification skill that calls the juhe.cn API. The included script calls the juhe API endpoint and implements format validation and masking as described.
Instruction Scope
The runtime instructions ask the agent to collect name and ID (expected), validate format, and call the API or script (expected). However, the script prints the raw JSON response after a masked human-readable output (print(json.dumps(result,...))), which can expose unmasked PII (the API response may include the full idcard and realname). The script also uses an HTTP URL (API_URL = "http://op.juhe.cn/idcard/query") instead of HTTPS, which can transmit the API key and PII in cleartext. There's also an inconsistency: SKILL.md documents `res` mapping as 1=一致, 0=不一致 while the script's comment and handling imply 1 and 2; this semantic mismatch could cause incorrect results shown to users.
Install Mechanism
No install spec (instruction-only plus a small Python script). Nothing is downloaded or executed at install time; risk from install mechanism is low.
Credentials
Only JUHE_IDCARD_VERIFY_KEY is required, which is proportionate for a service that calls juhe.cn. However, because the script sends the key over plain HTTP and may log/print raw API responses (including PII), there's an elevated risk of secret or data exposure if the network or logs are monitored.
Persistence & Privilege
The skill is not always-enabled and does not request system-wide privileges or modify other skills. It reads an optional .env in its own script directory and the JUHE environment variable only, which is within expected scope.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install juhe-idcard-verify
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /juhe-idcard-verify 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of juhe-idcard-verify skill for nationwide Chinese ID card real-name authentication. - Supports verification of name and ID number consistency via Juhe API. - Includes usage instructions for script and direct API calls. - Provides guidance for environment setup and error handling. - Suitable for scenarios like identity verification, real-name authentication, and ID number matching.
元数据
Slug juhe-idcard-verify
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

身份证二要素核验 - 聚合数据 是什么?

身份证实名认证。验证姓名与身份证号是否一致,支持全国居民身份证。使用场景:用户说"身份证认证"、"实名认证"、"验证身份证"、"姓名和身份证是否匹配"、"身份证二要素核验"等。通过聚合数据(juhe.cn)API 实时核验,免费注册每天免费调用。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 99 次。

如何安装 身份证二要素核验 - 聚合数据?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install juhe-idcard-verify」即可一键安装,无需额外配置。

身份证二要素核验 - 聚合数据 是免费的吗?

是的,身份证二要素核验 - 聚合数据 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

身份证二要素核验 - 聚合数据 支持哪些平台?

身份证二要素核验 - 聚合数据 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 身份证二要素核验 - 聚合数据?

由 juhe-skills(@juhemcp)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论