扫描报告
5 /100
JD.com
Analyze JD.com workflows with JustOneAPI, including product Details, product Comments, and shop Product List.
This is a straightforward API wrapper skill for JD.com product data with no malicious indicators found.
可以安装
This skill is safe to use. It performs only simple GET requests to a declared external API endpoint for e-commerce data retrieval.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | No file read/write operations in bin/run.mjs |
| 网络访问 | READ | READ | ✓ 一致 | bin/run.mjs:94 - fetch() to declared https://api.justoneapi.com endpoints only |
| 命令执行 | NONE | NONE | — | Uses node to execute script, no subprocess or shell command execution |
| 环境变量 | READ | READ | ✓ 一致 | Token passed via CLI argument --token, used only for API authentication |
| 技能调用 | NONE | NONE | — | No skill invocation or cross-skill communication |
| 剪贴板 | NONE | NONE | — | No clipboard access in code |
| 浏览器 | NONE | NONE | — | No browser automation |
| 数据库 | NONE | NONE | — | No database operations |
1 项发现
中危 外部 URL 外部 URL
https://api.justoneapi.com SKILL.md:5 目录结构
4 文件 · 18.4 KB · 615 行 JavaScript 1f · 344L
JSON 1f · 142L
Markdown 2f · 129L
├─
▾
bin
│ └─
run.mjs
JavaScript
├─
▾
generated
│ ├─
operations.json
JSON
│ └─
operations.md
Markdown
└─
SKILL.md
Markdown
安全亮点
✓ Clean, well-documented API wrapper with no obfuscation or suspicious code patterns
✓ All operations use only GET requests to declared endpoints
✓ Documentation accurately describes functionality with no hidden capabilities
✓ Token handling is minimal - only used for API authentication
✓ No environment variable iteration or credential harvesting
✓ No file system access, network exfiltration, or data theft behavior
✓ Pure Node.js implementation with no external dependencies
✓ Proper error handling with status code validation