中文 EN

扫描报告

扫描新文件

可信 — 风险评分 0/100
上次扫描:1 天前 重新扫描
0 /100
datatk-quote-skill
Real-time stock market data via QuoteNode API. Query quotes, K-lines, tick trades, Level-2 depth, and trading calendars for US/HK/CN markets.
The datatk-quote-skill is a legitimate market-data API wrapper with no malicious behavior, strong security controls, and accurate documentation.
技能名称datatk-quote-skill
分析耗时32.3s
引擎pi
可以安装
This skill is safe to use. The script enforces HTTPS, domain allowlisting, and path validation. No action required.
资源类型声明权限推断权限状态证据
文件系统 NONE NONE No filesystem access in scripts/request.mjs
网络访问 READ READ ✓ 一致 Only POST requests to configured API endpoint with X-API-KEY header; HTTPS enfor…
命令执行 NONE NONE No shell execution found
环境变量 NONE NONE No environment variable access
技能调用 NONE NONE No cross-skill invocation
剪贴板 NONE NONE No clipboard access
浏览器 NONE NONE No browser automation
数据库 NONE NONE No database access
2 项发现
🔗
中危 外部 URL 外部 URL
https://www.datatk.com/service
SKILL.md:44
🔗
中危 外部 URL 外部 URL
https://your-endpoint.com
env.example.json:2

目录结构

7 文件 · 22.6 KB · 763 行
Markdown 5f · 576L JavaScript 1f · 184L JSON 1f · 3L
├─ 📁 references
│ ├─ 📝 architecture.md Markdown 42L · 2.1 KB
│ ├─ 📝 openapi.md Markdown 162L · 4.3 KB
│ ├─ 📝 reference.md Markdown 135L · 2.9 KB
│ └─ 📝 response.md Markdown 191L · 6.3 KB
├─ 📁 scripts
│ └─ 📜 request.mjs JavaScript 184L · 4.7 KB
├─ 📋 env.example.json JSON 3L · 78 B
└─ 📝 SKILL.md Markdown 46L · 2.1 KB

安全亮点

✓ HTTPS-only enforcement in assertSafeEndpoint() prevents plaintext exfiltration
✓ Domain allowlist restricts network calls to quote.datatk.com, www.datatk.com, and *.datatk.com subdomains
✓ Raw IP endpoints are explicitly blocked as an anti-exfiltration measure
✓ Path traversal protection via .. check in assertSafePath()
✓ Path must start with /Api/ — prevents arbitrary endpoint access
✓ API key and endpoint read from local env.json only — no environment variable harvesting
✓ Placeholder value detection prevents accidental use of unconfigured credentials
✓ All documentation files (openapi.md, reference.md, response.md, architecture.md) accurately describe the API surface with no hidden functionality
✓ No shell execution, no obfuscation, no credential exfiltration
✓ Clean dependency footprint — no external package dependencies (uses only Node.js built-ins: fs/promises, path, url)