Douyin Creator Marketplace (Xingtu) API 安全扫描报告 — 可信 | ClawSafe

5 /100

Douyin Creator Marketplace (Xingtu) API

Analyze Douyin Creator Marketplace (Xingtu) workflows with JustOneAPI, including creator Profile, creator Link Structure, and creator Visibility Status across 43 operations.

This is a legitimate API wrapper skill for Douyin Creator Marketplace data with no malicious behavior detected.

技能名称Douyin Creator Marketplace (Xingtu) API

分析耗时25.4s

引擎pi

✓

可以安装

This skill is safe to use. No additional security measures required.

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`NONE`	—	No file system access in code
网络访问	`READ`	`READ`	✓ 一致	bin/run.mjs: Uses fetch() for GET requests to api.justoneapi.com
命令执行	`NONE`	`NONE`	—	No subprocess or shell execution
环境变量	`READ`	`READ`	✓ 一致	bin/run.mjs: Reads JUST_ONE_API_TOKEN for API auth only
技能调用	`NONE`	`NONE`	—	No skill-to-skill invocation
剪贴板	`NONE`	`NONE`	—	No clipboard access
浏览器	`NONE`	`NONE`	—	No browser automation
数据库	`NONE`	`NONE`	—	No database access

1 项发现

🔗

中危外部 URL 外部 URL

https://api.justoneapi.com

SKILL.md:5

目录结构

4 文件 · 219.2 KB · 6661 行

JavaScript 1f · 2721L JSON 1f · 2519L Markdown 2f · 1421L

├─ ▾ 📁 bin

│ └─ 📜 run.mjs JavaScript 2721L · 86.8 KB

├─ ▾ 📁 generated

│ ├─ 📋 operations.json JSON 2519L · 81.4 KB

│ └─ 📝 operations.md Markdown 1365L · 47.4 KB

└─ 📝 SKILL.md Markdown 56L · 3.6 KB

安全亮点

✓ No shell execution - uses native fetch() API only

✓ No credential harvesting beyond required API token

✓ No sensitive file system access

✓ No data exfiltration beyond declared API endpoint

✓ No obfuscation or encoded payloads

✓ No external dependencies (no package.json/requirements.txt)

✓ Clear documentation matches implementation

✓ Standard HTTP GET requests only

✓ OpenAPI manifest embedded for transparency