Scan Report
5/100
Amazon
Analyze Amazon workflows with JustOneAPI, including product Details, product Top Reviews, and best Sellers across 4 operations.
This is a straightforward Amazon API wrapper skill that makes GET requests to JustOneAPI. No malicious patterns, obfuscation, or credential harvesting were detected.
OK to install
No action needed. The skill is safe to use. Consider passing the token via environment variable instead of CLI argument for better operational security.
Security findings: 1

| Severity | Security finding | Location |
|---|---|---|
| Low | API token visible in process arguments (sensitive access) | bin/run.mjs:7 |

| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | NONE | NONE | — | No file system operations in bin/run.mjs |
| Network access | READ | READ | ✓ Consistent | bin/run.mjs:107 - fetch(url, requestInit) only to api.justoneapi.com |
| Command execution | NONE | NONE | — | No subprocess, exec, or shell command execution |
| Environment variables | NONE | NONE | — | No environment variable access in code |
| Skill invocation | NONE | NONE | — | No nested skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No database access |
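
2 findings

| Severity | Finding | URL | Location |
|---|---|---|---|
| Medium | External URL | https://api.justoneapi.com | SKILL.md:5 |
| Medium | External URL | https://amazon.com/s?node=172282 | bin/run.mjs:109 |

Directory structure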
4 files · 36.5 KB · 1139 lines
JavaScript: 1 file · 533 lines
JSON: 1 file · 331 lines
Markdown: 2 files · 275 lines
├─ bin
│  └─ run.mjs (JavaScript)
├─ generated
│  ├─ operations.json (JSON)
│  └─ operations.md (Markdown)
└─ SKILL.md (Markdown)
Security highlights
✓ No shell execution or subprocess calls detected
✓ No obfuscation techniques (base64, eval, atob) found
✓ No credential harvesting or environment variable iteration
✓ No sensitive file/path access (~/.ssh, .env, etc.)
✓ No remote code execution patterns
✓ No hidden functionality - documentation matches implementation
✓ All 4 operations use only GET requests with query parameters
✓ No external dependencies - uses only Node.js built-in fetch API
✓ Clean, straightforward API wrapper with proper error handling