Scan Report
5 /100
Douyin Creator Marketplace (Xingtu) API
Analyze Douyin Creator Marketplace (Xingtu) workflows with JustOneAPI, including creator Profile, creator Link Structure, and creator Visibility Status across 43 operations.
This is a legitimate API wrapper skill for Douyin Creator Marketplace data with no malicious behavior detected.
Safe to install
This skill is safe to use. No additional security measures required.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file system access in code |
| Network | READ | READ | ✓ Aligned | bin/run.mjs: Uses fetch() for GET requests to api.justoneapi.com |
| Shell | NONE | NONE | — | No subprocess or shell execution |
| Environment | READ | READ | ✓ Aligned | bin/run.mjs: Reads JUST_ONE_API_TOKEN for API auth only |
| Skill Invoke | NONE | NONE | — | No skill-to-skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No database access |
1 findings
Medium External URL 外部 URL
https://api.justoneapi.com SKILL.md:5 File Tree
4 files · 219.2 KB · 6661 lines JavaScript 1f · 2721L
JSON 1f · 2519L
Markdown 2f · 1421L
├─
▾
bin
│ └─
run.mjs
JavaScript
├─
▾
generated
│ ├─
operations.json
JSON
│ └─
operations.md
Markdown
└─
SKILL.md
Markdown
Security Positives
✓ No shell execution - uses native fetch() API only
✓ No credential harvesting beyond required API token
✓ No sensitive file system access
✓ No data exfiltration beyond declared API endpoint
✓ No obfuscation or encoded payloads
✓ No external dependencies (no package.json/requirements.txt)
✓ Clear documentation matches implementation
✓ Standard HTTP GET requests only
✓ OpenAPI manifest embedded for transparency