抖音热点上升榜
AdvisoryAudited by Static analysis on May 8, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill can spend quota or usage credits tied to the user's ai-skills.ai API key.
The skill requires a third-party API key and states that the key is sent with each request. This is expected for the documented API wrapper, but it gives the skill authority to consume the user's API quota.
requiredEnvVars: - name: AISKILLS_API_KEY ... API Key 会随每次请求发送至 ai-skills.ai 服务器。
Use a separate, revocable API key, monitor quota usage, and avoid sharing the key outside this intended integration.
Search keywords, category filters, pagination choices, and the API key are visible to the third-party provider, though the skill says full conversation context is not sent.
The skill discloses that calls go to ai-skills.ai and lists the transmitted fields, including query parameters and the API key. The data flow is clear and purpose-aligned, but still involves an external provider.
security: thirdPartyDomain: ai-skills.ai; dataSent: skillId, params(技能参数如关键词、分类、页码等,不含用户对话上下文), X-API-Key(认证密钥)
Confirm you trust ai-skills.ai's data handling, avoid sensitive search terms, and rotate or revoke the API key if needed.