Scan Report
5 /100
Douyin (TikTok China) API
Analyze Douyin (TikTok China) workflows with JustOneAPI, including user Profile, user Published Videos, and video Details across 9 operations.
This is a straightforward Douyin API wrapper that uses native fetch for GET requests to a declared API endpoint with no hidden functionality, obfuscation, or sensitive resource access.
Safe to install
This skill is safe to use. No security concerns identified.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | bin/run.mjs:145 - fetch(url, requestInit) |
| Filesystem | NONE | NONE | — | No file system access in implementation |
| Shell | NONE | NONE | — | No subprocess or shell execution used |
| Environment | NONE | NONE | — | Token passed via CLI, no env iteration |
| Skill Invoke | NONE | NONE | — | No skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser access |
| Database | NONE | NONE | — | No database access |
1 findings
Medium External URL 外部 URL
https://api.justoneapi.com SKILL.md:5 File Tree
4 files · 43.8 KB · 1431 lines JavaScript 1f · 665L
JSON 1f · 463L
Markdown 2f · 303L
├─
▾
bin
│ └─
run.mjs
JavaScript
├─
▾
generated
│ ├─
operations.json
JSON
│ └─
operations.md
Markdown
└─
SKILL.md
Markdown
Security Positives
✓ Clean, readable JavaScript code with no obfuscation
✓ Uses native Node.js fetch API (no external dependencies)
✓ All 9 operations are properly documented and match implementation
✓ No shell execution, file system access, or environment variable reading
✓ Token usage is limited to API authentication only
✓ No hidden functionality or shadow behavior
✓ No base64 encoding or dynamic code execution
✓ Proper input validation for required parameters