📦 JD.com API — 京东数据接口
v1.0.8通过 JustOneAPI 调用京东接口,一键获取商品详情、评论与店铺商品列表,快速完成电商数据分析。
0· 158·1 当前·1 累计
by @justoneapi 安全扫描
OpenClaw
安全
high confidenceNULL
评估建议
This skill appears to do exactly what it claims: call JustOneAPI endpoints for JD.com data. Before installing, be aware that you must provide JUST_ONE_API_TOKEN (the helper passes it as a query parameter), so: (1) obtain the token from JustOneAPI and confirm its scope and revocation/rotation options; (2) avoid pasting the token in chats or public logs; passing secrets in query strings can expose them in proxy/server logs—check whether the provider supports header-based auth if you need stronger ...详细分析 ▾
✓ 用途与能力
Name/description match the operations in the bundle (product details, comments, shop item list). Required binary (node) and the single required env var (JUST_ONE_API_TOKEN) are appropriate for making authenticated HTTP calls to api.justoneapi.com.
ℹ 指令范围
SKILL.md instructs the agent to run the included node helper and pass --token "$JUST_ONE_API_TOKEN"; the helper does not read arbitrary files or other env vars and only performs HTTP GETs to api.justoneapi.com. Minor note: the helper expects the token as a CLI argument rather than reading process.env directly — this is explained in the docs and is consistent, not a security concern by itself.
✓ 安装机制
No install spec is provided (instruction-only with a small bundled script). Nothing is downloaded from external URLs during install; the runtime requires only Node which is reasonable.
✓ 凭证需求
Only one credential is required (JUST_ONE_API_TOKEN) and it is the primary credential for the advertised API. There are no unrelated secrets or multiple disparate credentials requested.
✓ 持久化与权限
always is false and the skill does not request persistent or system-wide privileges. It does not modify other skills or agent-wide configs.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.82026/4/4
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install justoneapi-jd
镜像加速npx clawhub@latest install justoneapi-jd --registry https://cn.longxiaskill.com镜像同步中