Scan Report
0 /100
yuri-graph-gateway
Yuri Graph Gateway — Facebook Graph API Proxy Service Usage Guide
Pure documentation-only skill with no executable code. It explains how to use a third-party Facebook Graph API proxy service through baiz.ai, with one declared credential (YURI_TOKEN) and comprehensive security guidance. No hidden functionality, no code execution, and no capability violations.
Safe to install
Safe to install. This skill contains only documentation — no scripts or code to execute. Users should understand they are routing Facebook API traffic through baiz.ai's gateway. Follow the token handling best practices outlined in SKILL.md.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file operations in this documentation skill |
| Network | NONE | NONE | — | Skill documents how to call an external proxy; no network calls made by the skil… |
| Shell | NONE | NONE | — | No shell commands or subprocess calls present |
| Environment | NONE | NONE | — | No environment variable access; YURI_TOKEN is documented as a user-provided cred… |
| Skill Invoke | NONE | NONE | — | No cross-skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No database operations |
3 findings
Medium External URL 外部 URL
https://graph.facebook.com/v21.0/act_123456/campaigns?fields=name SKILL.md:99 Medium External URL 外部 URL
https://facebook-graph.baiz.ai/v21.0/act_123456/campaigns?fields=name SKILL.md:105 Medium External URL 外部 URL
https://facebook-graph.baiz.ai SKILL.md:180 File Tree
2 files · 12.6 KB · 205 lines Markdown 1f · 191L
JSON 1f · 14L
├─
_meta.json
JSON
└─
SKILL.md
Markdown
Security Positives
✓ No executable code — purely documentation/instructional content
✓ Single credential (YURI_TOKEN) clearly declared in both SKILL.md and _meta.json with full metadata (required, sensitive, description, format)
✓ Comprehensive security guidance included: token storage, URL exposure risk, TLS verification, least privilege, rate limits
✓ Complete transparency: documents exact behavior — proxy service routing Facebook Graph API through baiz.ai gateway
✓ Security best practices section covers data retention (90 days), AES-256 encryption for Facebook tokens, audit logging
✓ Includes clear warning to use least-privilege test tokens and not production Facebook credentials
✓ No scripts, no hidden functionality, no obfuscation, no credential harvesting
✓ Skill behavior matches documentation exactly — no doc-to-code mismatch