中文 EN

扫描报告

扫描新文件

可信 — 风险评分 0/100
上次扫描:1 天前 重新扫描
0 /100
justoneapi_facebook
Analyze Facebook workflows with JustOneAPI, including post Search, get Profile ID, and get Profile Posts.
This is a legitimate, transparent JustOneAPI wrapper for three Facebook operations with no hidden functionality, no shell access, and no credential exfiltration beyond the declared API token sent to the expected endpoint.
技能名称justoneapi_facebook
分析耗时23.4s
引擎pi
可以安装
No action needed. The skill is safe to use as documented.
资源类型声明权限推断权限状态证据
网络访问 READ READ ✓ 一致 bin/run.mjs:116 — response = await fetch(url, requestInit); makes GET requests t…
文件系统 NONE NONE bin/run.mjs — no file read/write operations; script is executed by the shell, no…
命令执行 NONE NONE bin/run.mjs — no subprocess, exec, spawn, or shell command invocation
环境变量 NONE NONE bin/run.mjs — no process.env access beyond the CLI-passed token
技能调用 NONE NONE No cross-skill invocation detected
剪贴板 NONE NONE No clipboard access
浏览器 NONE NONE No browser automation
数据库 NONE NONE No database access
2 项发现
🔗
中危 外部 URL 外部 URL
https://api.justoneapi.com
SKILL.md:5
🔗
中危 外部 URL 外部 URL
https://www.facebook.com
bin/run.mjs:29

目录结构

4 文件 · 20.3 KB · 653 行
JavaScript 1f · 362L JSON 1f · 160L Markdown 2f · 131L
├─ 📁 bin
│ └─ 📜 run.mjs JavaScript 362L · 10.2 KB
├─ 📁 generated
│ ├─ 📋 operations.json JSON 160L · 4.9 KB
│ └─ 📝 operations.md Markdown 76L · 2.5 KB
└─ 📝 SKILL.md Markdown 55L · 2.7 KB

安全亮点

✓ Clean, minimal implementation with no obfuscation, no base64, no eval()
✓ SKILL.md accurately describes all three operations and their invocation pattern
✓ No shell execution, subprocess, or command injection vectors
✓ No sensitive path access (~/.ssh, ~/.aws, .env, etc.)
✓ No environment variable enumeration (process.env not accessed except via CLI token)
✓ Token is passed only to the declared third-party API endpoint as a query parameter, which is expected for API authentication
✓ No cross-skill invocation, no persistence mechanisms, no supply chain risks
✓ All network requests are explicitly declared GET operations to api.justoneapi.com