中文 EN

扫描报告

扫描新文件

低风险 — 风险评分 10/100
上次扫描:20 小时前 重新扫描
10 /100
DINGs 托管式 AI 电话助手
中国、日本餐厅全自动 AI 电话预订技能,支持餐厅搜索+AI 电话自动预订一体化服务
This is a documentation-only skill (SKILL.md) describing a restaurant booking integration with TripNow API. No executable code, scripts, or dependencies are present. The skill makes legitimate API calls to an external service using a declared API key.
技能名称DINGs 托管式 AI 电话助手
分析耗时37.5s
引擎pi
可以安装
This skill is safe to use as documented. Verify the TripNow API service legitimacy independently if needed. No additional security controls required beyond standard API key management.

安全发现 2 项

严重性 安全发现 位置
低危
Third-party API dependency 文档欺骗
The skill integrates with an external third-party API service (tripnowengine.133.cn). While the integration is fully documented, the security posture of this external service cannot be verified by this skill alone.
https://tripnowengine.133.cn/tripnow/v1
→ Independently verify the legitimacy and security of the TripNow platform before production use
 SKILL.md:19
低危
Personal data collection 敏感访问
The skill collects and transmits customer personal information (names, phone numbers, dining preferences) to the external API. This is necessary for the booking service but involves data handling outside the local system.
customerName, customerPhone, customerSex, diningTime...
→ Ensure compliance with local data protection regulations when collecting user data
 SKILL.md:145
资源类型声明权限推断权限状态证据
文件系统 NONE NONE No file operations in documentation
网络访问 READ READ ✓ 一致 API calls to tripnowengine.133.cn declared in SKILL.md
命令执行 NONE NONE No shell commands in documentation
环境变量 READ READ ✓ 一致 TRIPNOW_API_KEY read for API authentication
技能调用 NONE NONE No skill invocation
剪贴板 NONE NONE No clipboard access
浏览器 NONE NONE No browser automation
数据库 NONE NONE No database access
16 项发现
🔗
中危 外部 URL 外部 URL
https://tripnowengine.133.cn/tripnow/v1
SKILL.md:19
🔗
中危 外部 URL 外部 URL
https://tripnowengine.133.cn/tripnow-ai-open-platform/
SKILL.md:20
🔗
中危 外部 URL 外部 URL
https://your-server.com/callback(可选
SKILL.md:36
🔗
中危 外部 URL 外部 URL
https://tripnowengine.133.cn/tripnow/v1/voice/outbound
SKILL.md:169
🔗
中危 外部 URL 外部 URL
https://your-server.com/callback
SKILL.md:188
🔗
中危 外部 URL 外部 URL
https://dingstest.133.cn/dings/call-detail?id=RESORD216873707229&lang=zh&naviBarHidden=0&debug=true
SKILL.md:219
🔗
中危 外部 URL 外部 URL
https://dings.133.cn/basic/files/RESORD216873707229_2025-12-18-16-51-25.png
SKILL.md:220
🔗
中危 外部 URL 外部 URL
https://tripnowengine.133.cn/tripnow/v1/voice/callback_find?order_id=RESORD216873707229&token=sk-live-******************...
SKILL.md:264
🔗
中危 外部 URL 外部 URL
https://www.dianping.com/shop/xxxxxx
SKILL.md:357
🔗
中危 外部 URL 外部 URL
https://tripnowengine.133.cn/tripnow/v1/restaurant/search?restaurant_name=麦当劳&city_name=北京&country=CN
SKILL.md:380
🔗
中危 外部 URL 外部 URL
https://tripnowengine.133.cn/tripnow/v1/restaurant/search?restaurant_name=https://www.dianping.com/shop/32705550&city_na...
SKILL.md:383
🔗
中危 外部 URL 外部 URL
https://tripnowengine.133.cn/tripnow/v1/restaurant/search?restaurant_name=寿司店&city_name=东京&country=JP
SKILL.md:386
🔗
中危 外部 URL 外部 URL
https://dings.133.cn/basic/files/08d0b89b9a8e5f13485e78caa76b7fc3.jpg
SKILL.md:396
🔗
中危 外部 URL 外部 URL
https://dings.133.cn/basic/images/1d8783fd6cd06e4d06975ee6df45c16a
SKILL.md:411
🔗
中危 外部 URL 外部 URL
https://your-domain.com/webhook/tripnow
SKILL.md:565
📧
提示 邮箱 邮箱地址
[email protected]
SKILL.md:609

目录结构

1 文件 · 22.7 KB · 624 行
Markdown 1f · 624L
└─ 📝 SKILL.md Markdown 624L · 22.7 KB

安全亮点

✓ No executable code or scripts present - pure documentation
✓ No obfuscation, base64 encoding, or anti-analysis techniques
✓ No credential harvesting beyond necessary API key
✓ No filesystem or shell access declared or needed
✓ No hidden functionality or undocumented behavior
✓ HTTPS required for callback URLs
✓ Privacy guidelines documented (no persistent storage of personal data)
✓ API key used only for legitimate service authentication
✓ Clear documentation of all data flows and API endpoints