Scan Report
0 /100
IMDb
Analyze IMDb workflows with JustOneAPI, including release Expectation, extended Details, and top Cast and Crew across 19 operations.
A straightforward IMDb data API wrapper with no malicious behavior, obfuscation, credential exfiltration, or undeclared capabilities.
Can be installed
This skill is safe to use. It makes only GET requests to api.justoneapi.com, uses only Node.js built-ins, and passes the user token exclusively to the declared API endpoint as a query parameter.
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Network access | READ | READ | ✓ Consistent | bin/run.mjs: fetches GET https://api.justoneapi.com/* (all 19 operations) |
| Command execution | WRITE | NONE | ✓ Consistent | SKILL.md invokes Bash, but bin/run.mjs contains no subprocess/spawn/exec; it onl… |
1 finding
Medium severity: External URL
https://api.justoneapi.com (SKILL.md:5)
Directory structure
4 files · 104.1 KB · 3251 lines
JavaScript: 1 file · 1333 lines
JSON: 1 file · 1131 lines
Markdown: 2 files · 787 lines
├─ bin
│  └─ run.mjs (JavaScript)
├─ generated
│  ├─ operations.json (JSON)
│  └─ operations.md (Markdown)
└─ SKILL.md (Markdown)
Security highlights
✓ Uses only Node.js built-in modules (fetch, JSON, process) — no external dependencies or supply chain risk
✓ Token is used only as a query parameter sent to the declared API base URL; no credential exfiltration
✓ No base64, eval, dynamic code generation, or obfuscation
✓ No file system, clipboard, database, or browser access
✓ All 19 operations are GET-only requests; no POST/PUT/DELETE with user-controlled bodies
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No curl|bash, wget|sh, or remote script execution
✓ No hidden HTML instructions or shadow functionality
✓ Manifest is hardcoded inline — not fetched from an external URL