扫描报告
5 /100
jf-open-pro-capture-livestream
JF (杰峰) device API tool for capturing live streams and device snapshots
Legitimate JF (杰峰) device API tool with proper credential handling through environment variables only; no malicious behavior detected.
可以安装
This skill is safe to use. Consider pinning the requests library version for better dependency hygiene.
安全发现 1 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Unpinned dependency version | scripts/requirements.txt:1 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 环境变量 | READ | READ | ✓ 一致 | Line 91-100: os.environ.get('JF_*') |
| 网络访问 | READ | READ | ✓ 一致 | Line 131-135: requests.post() to declared endpoints |
| 文件系统 | NONE | NONE | — | No file operations found |
| 命令执行 | NONE | NONE | — | No subprocess/shell execution found |
4 项发现
中危 外部 URL 外部 URL
https://open.jftech.com/ SKILL.md:11 中危 外部 URL 外部 URL
https://api.jftechws.com SKILL.md:42 中危 外部 URL 外部 URL
https://api-cn.jftech.com SKILL.md:44 中危 外部 URL 外部 URL
https://docs.jftech.com/ SKILL.md:212 目录结构
4 文件 · 28.1 KB · 826 行 Python 1f · 494L
Markdown 2f · 329L
Text 1f · 3L
├─
▾
scripts
│ ├─
jf_open_pro_capture_livestream.py
Python
│ └─
requirements.txt
Text
├─
README.md
Markdown
└─
SKILL.md
Markdown
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
requests | >=2.28.0 | pip | 否 | Version not pinned with upper bound |
安全亮点
✓ Credentials handled exclusively through environment variables as documented
✓ No shell execution or subprocess calls detected
✓ No file system access beyond script execution
✓ HTTP requests limited to declared official JF API endpoints only
✓ No credential exfiltration or data leakage patterns
✓ No obfuscation techniques (base64, eval, exec) observed
✓ Clean, straightforward code with no hidden functionality
✓ Environment variable access restricted to documented JF_* prefixed variables only