扫描报告
5 /100
Bilibili API
Analyze Bilibili workflows with JustOneAPI, including video Details, user Published Videos, and user Profile across 9 operations.
Clean API wrapper skill that performs documented Bilibili API operations via GET requests to a single trusted endpoint.
可以安装
No action required. This is a straightforward API wrapper with no malicious indicators.
安全发现 1 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | API Token in CLI Arguments 凭证窃取 | bin/run.mjs:47 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | No file read/write operations in bin/run.mjs |
| 网络访问 | READ | READ | ✓ 一致 | Uses native fetch() for outbound GET to api.justoneapi.com only (line 1 in manif… |
| 命令执行 | NONE | NONE | — | No subprocess, exec, or shell command execution |
| 环境变量 | READ | NONE | ✓ 一致 | Token injected via CLI argument, not read from process.env |
1 项发现
中危 外部 URL 外部 URL
https://api.justoneapi.com SKILL.md:5 目录结构
4 文件 · 39.5 KB · 1332 行 JavaScript 1f · 626L
JSON 1f · 424L
Markdown 2f · 282L
├─
▾
bin
│ └─
run.mjs
JavaScript
├─
▾
generated
│ ├─
operations.json
JSON
│ └─
operations.md
Markdown
└─
SKILL.md
Markdown
安全亮点
✓ No obfuscation techniques (base64, eval, atob) detected
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No remote script execution (curl|bash, wget|sh)
✓ No credential harvesting or environment variable enumeration
✓ No C2 communication or data exfiltration
✓ Only uses native Node.js fetch() API, no external dependencies
✓ Clean, well-structured code matching documentation
✓ All network requests go to documented endpoint: api.justoneapi.com
✓ GET-only requests, no POST/PUT/DELETE with data exfiltration potential