扫描报告
5 /100
Beike API (justoneapi_beike)
Analyze Beike workflows with JustOneAPI — resale Housing Details, resale Housing List, and community List
A straightforward Beike real-estate API wrapper that makes GET requests to a single declared endpoint with no malicious behavior, obfuscation, or credential exfiltration.
可以安装
Skill is safe to use. No action required.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 网络访问 | READ | READ | ✓ 一致 | bin/run.mjs:91 — fetch(url, requestInit) to https://api.justoneapi.com |
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md invokes 'node {baseDir}/bin/run.mjs' |
| 文件系统 | READ | READ | ✓ 一致 | SKILL.md instructs reading generated/operations.md; no file writes found |
| 环境变量 | NONE | NONE | — | Token passed via CLI arg ($JUST_ONE_API_TOKEN), not read via process.env iterati… |
| 技能调用 | NONE | NONE | — | No recursive skill invocation found |
1 项发现
中危 外部 URL 外部 URL
https://api.justoneapi.com SKILL.md:5 目录结构
4 文件 · 21.7 KB · 672 行 JavaScript 1f · 371L
JSON 1f · 169L
Markdown 2f · 132L
├─
▾
bin
│ └─
run.mjs
JavaScript
├─
▾
generated
│ ├─
operations.json
JSON
│ └─
operations.md
Markdown
└─
SKILL.md
Markdown
安全亮点
✓ All 3 operations are fully documented in both SKILL.md and generated/operations.md
✓ Code is clean and readable — no obfuscation, base64, or eval usage
✓ No sensitive file/path access (no ~/.ssh, ~/.aws, .env scanning)
✓ No environment variable iteration for credential harvesting
✓ Token is passed via CLI argument, not hardcoded or exfiltrated
✓ Network requests go to a single declared domain (https://api.justoneapi.com)
✓ Only GET requests are made; no POST/PUT with unexpected payloads
✓ Error handling is proper with structured JSON error output
✓ No supply chain risk — no dependencies/imports beyond Node.js builtins
✓ No persistence mechanisms (no cron, startup hooks, or backdoors)