Scan Report
5 /100
jf-open-pro-capture-livestream
JF (杰峰) device API tool for capturing live streams and device snapshots
Legitimate JF (杰峰) device API tool with proper credential handling through environment variables only; no malicious behavior detected.
Safe to install
This skill is safe to use. Consider pinning the requests library version for better dependency hygiene.
Findings 1 items
| Severity | Finding | Location |
|---|---|---|
| Low | Unpinned dependency version | scripts/requirements.txt:1 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Environment | READ | READ | ✓ Aligned | Line 91-100: os.environ.get('JF_*') |
| Network | READ | READ | ✓ Aligned | Line 131-135: requests.post() to declared endpoints |
| Filesystem | NONE | NONE | — | No file operations found |
| Shell | NONE | NONE | — | No subprocess/shell execution found |
4 findings
Medium External URL 外部 URL
https://open.jftech.com/ SKILL.md:11 Medium External URL 外部 URL
https://api.jftechws.com SKILL.md:42 Medium External URL 外部 URL
https://api-cn.jftech.com SKILL.md:44 Medium External URL 外部 URL
https://docs.jftech.com/ SKILL.md:212 File Tree
4 files · 28.1 KB · 826 lines Python 1f · 494L
Markdown 2f · 329L
Text 1f · 3L
├─
▾
scripts
│ ├─
jf_open_pro_capture_livestream.py
Python
│ └─
requirements.txt
Text
├─
README.md
Markdown
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
requests | >=2.28.0 | pip | No | Version not pinned with upper bound |
Security Positives
✓ Credentials handled exclusively through environment variables as documented
✓ No shell execution or subprocess calls detected
✓ No file system access beyond script execution
✓ HTTP requests limited to declared official JF API endpoints only
✓ No credential exfiltration or data leakage patterns
✓ No obfuscation techniques (base64, eval, exec) observed
✓ Clean, straightforward code with no hidden functionality
✓ Environment variable access restricted to documented JF_* prefixed variables only