Douyin Rising Hot Topics Chart

Pass

Audited by ClawScan on May 8, 2026.

Overview

The skill coherently fetches Douyin rising-trend data via a disclosed third-party API, with the main caution that it sends an API key and query parameters to ai-skills.ai.

This appears safe to use if you are comfortable with ai-skills.ai receiving your API key and Douyin trend search/filter parameters. Create a limited, revocable key, monitor quota usage, and note that the registry summary does not list the API key requirement even though SKILL.md clearly does.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the skill can spend quota or usage credits tied to the user's ai-skills.ai API key.

Why it was flagged

The skill requires a third-party API key and states that the key is sent with each request. This is expected for the documented API wrapper, but it gives the skill authority to consume the user's API quota.

Skill content
requiredEnvVars: - name: AISKILLS_API_KEY ... The API key is sent to the ai-skills.ai server with each request.

Recommendation

Use a separate, revocable API key, monitor quota usage, and avoid sharing the key outside this intended integration.

What this means

Search keywords, category filters, pagination choices, and the API key are visible to the third-party provider, though the skill says full conversation context is not sent.

Why it was flagged

The skill discloses that calls go to ai-skills.ai and lists the transmitted fields, including query parameters and the API key. The data flow is clear and purpose-aligned, but still involves an external provider.

Skill content
security: thirdPartyDomain: ai-skills.ai; dataSent: skillId, params(技能参数如关键词、分类、页码等,不含用户对话上下文), X-API-Key(认证密钥)

Recommendation

Confirm you trust ai-skills.ai's data handling, avoid sensitive search terms, and rotate or revoke the API key if needed.