扫描报告
0 /100
Douban Movie (justoneapi_douban)
Analyze Douban Movie workflows with JustOneAPI, including movie Reviews, review Details, and subject Details across 6 operations.
A clean API wrapper skill for Douban Movie data with no security concerns — only performs declared HTTP GET requests to a single external API endpoint.
可以安装
This skill is safe to use. No action required.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 网络访问 | READ | READ | ✓ 一致 | bin/run.mjs:86 - fetch(url, requestInit) to https://api.justoneapi.com only |
| 文件系统 | NONE | NONE | — | No file operations in bin/run.mjs |
| 命令执行 | NONE | NONE | — | No subprocess/exec calls in bin/run.mjs |
| 环境变量 | NONE | NONE | — | Token passed as CLI argument, no os.environ iteration |
| 技能调用 | NONE | NONE | — | No dynamic skill invocation |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | No browser automation |
| 数据库 | NONE | NONE | — | No database connections |
1 项发现
中危 外部 URL 外部 URL
https://api.justoneapi.com SKILL.md:5 目录结构
4 文件 · 28.8 KB · 967 行 JavaScript 1f · 479L
JSON 1f · 277L
Markdown 2f · 211L
├─
▾
bin
│ └─
run.mjs
JavaScript
├─
▾
generated
│ ├─
operations.json
JSON
│ └─
operations.md
Markdown
└─
SKILL.md
Markdown
安全亮点
✓ Only uses Node.js built-in APIs (fetch, URL, process) — no external dependencies
✓ All 6 operations are HTTP GET requests to a single declared API endpoint
✓ Token passed explicitly via CLI argument, never reads from environment directly
✓ Manifest declares all parameters; no undocumented fields or dynamic evaluation
✓ Documentation (SKILL.md) accurately describes the implementation with no hidden behavior
✓ No obfuscation, no base64 payloads, no dynamic code generation
✓ No shell execution, no file system access, no sensitive path enumeration
✓ Script is a straightforward OpenAPI client — no credential harvesting or data exfiltration