Scan Report
10 /100
DINGs 托管式 AI 电话助手
中国、日本餐厅全自动 AI 电话预订技能,支持餐厅搜索+AI 电话自动预订一体化服务
This is a documentation-only skill (SKILL.md) describing a restaurant booking integration with TripNow API. No executable code, scripts, or dependencies are present. The skill makes legitimate API calls to an external service using a declared API key.
Safe to install
This skill is safe to use as documented. Verify the TripNow API service legitimacy independently if needed. No additional security controls required beyond standard API key management.
Findings 2 items
| Severity | Finding | Location |
|---|---|---|
| Low | Third-party API dependency Doc Mismatch | SKILL.md:19 |
| Low | Personal data collection Sensitive Access | SKILL.md:145 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file operations in documentation |
| Network | READ | READ | ✓ Aligned | API calls to tripnowengine.133.cn declared in SKILL.md |
| Shell | NONE | NONE | — | No shell commands in documentation |
| Environment | READ | READ | ✓ Aligned | TRIPNOW_API_KEY read for API authentication |
| Skill Invoke | NONE | NONE | — | No skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No database access |
16 findings
Medium External URL 外部 URL
https://tripnowengine.133.cn/tripnow/v1 SKILL.md:19 Medium External URL 外部 URL
https://tripnowengine.133.cn/tripnow-ai-open-platform/ SKILL.md:20 Medium External URL 外部 URL
https://your-server.com/callback(可选 SKILL.md:36 Medium External URL 外部 URL
https://tripnowengine.133.cn/tripnow/v1/voice/outbound SKILL.md:169 Medium External URL 外部 URL
https://your-server.com/callback SKILL.md:188 Medium External URL 外部 URL
https://dingstest.133.cn/dings/call-detail?id=RESORD216873707229&lang=zh&naviBarHidden=0&debug=true SKILL.md:219 Medium External URL 外部 URL
https://dings.133.cn/basic/files/RESORD216873707229_2025-12-18-16-51-25.png SKILL.md:220 Medium External URL 外部 URL
https://tripnowengine.133.cn/tripnow/v1/voice/callback_find?order_id=RESORD216873707229&token=sk-live-******************... SKILL.md:264 Medium External URL 外部 URL
https://www.dianping.com/shop/xxxxxx SKILL.md:357 Medium External URL 外部 URL
https://tripnowengine.133.cn/tripnow/v1/restaurant/search?restaurant_name=麦当劳&city_name=北京&country=CN SKILL.md:380 Medium External URL 外部 URL
https://tripnowengine.133.cn/tripnow/v1/restaurant/search?restaurant_name=https://www.dianping.com/shop/32705550&city_na... SKILL.md:383 Medium External URL 外部 URL
https://tripnowengine.133.cn/tripnow/v1/restaurant/search?restaurant_name=寿司店&city_name=东京&country=JP SKILL.md:386 Medium External URL 外部 URL
https://dings.133.cn/basic/files/08d0b89b9a8e5f13485e78caa76b7fc3.jpg SKILL.md:396 Medium External URL 外部 URL
https://dings.133.cn/basic/images/1d8783fd6cd06e4d06975ee6df45c16a SKILL.md:411 Medium External URL 外部 URL
https://your-domain.com/webhook/tripnow SKILL.md:565 Info Email 邮箱地址
[email protected] SKILL.md:609 File Tree
1 files · 22.7 KB · 624 lines Markdown 1f · 624L
└─
SKILL.md
Markdown
Security Positives
✓ No executable code or scripts present - pure documentation
✓ No obfuscation, base64 encoding, or anti-analysis techniques
✓ No credential harvesting beyond necessary API key
✓ No filesystem or shell access declared or needed
✓ No hidden functionality or undocumented behavior
✓ HTTPS required for callback URLs
✓ Privacy guidelines documented (no persistent storage of personal data)
✓ API key used only for legitimate service authentication
✓ Clear documentation of all data flows and API endpoints