ClawHub

Xiaohongshu Api

v1.0.0

小红书数据API - 通过TikHub获取小红书帖子、评论、用户信息 / Xiaohongshu Data API via TikHub

1· 1.9k·8 current·8 all-time
by@bombfuock
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code and SKILL.md implement Xiaohongshu lookups via api.tikhub.io, which matches the skill name and description. However, the registry metadata lists no required environment variables or primary credential even though the docs and code expect a TikHub API key. This is an inconsistency in the declared requirements (likely sloppy metadata).
Instruction Scope
SKILL.md and the script instruct only to call TikHub endpoints (post detail, search, trending) and print JSON. There are no instructions to read unrelated local files, aggregate other credentials, or post data to third-party endpoints beyond api.tikhub.io.
Install Mechanism
There is no install spec (instruction-only), which minimizes installer risk. The bundled Python script imports the requests library but the skill does not declare this dependency; users must ensure 'requests' is available. No external archives or installers are fetched by the skill.
!
Credentials
The skill requires a TikHub API key (documented in SKILL.md and accepted as a CLI argument) but the package metadata and registry 'Required env vars' list none and there is no declared primaryEnv. Asking for an API key is reasonable for this purpose, but the omission from declared requirements is a transparency issue and could lead to user confusion or misconfiguration.
Persistence & Privilege
The skill does not request persistent/always-on presence, does not modify other skills or global agent settings, and does not request elevated platform privileges.
What to consider before installing
This skill's code and docs show it calls the TikHub API to fetch public Xiaohongshu data, which is consistent with its stated purpose. However: 1) The package metadata does not declare the TikHub API key requirement or the Python 'requests' dependency — you'll need to provide an API key (or pass it via --api-key) and ensure 'requests' is installed. 2) There is no homepage or trusted source listed and the owner ID looks uninformative; if you don't already trust the publisher, inspect the included script yourself (it's short and readable) before running. 3) Understand that using the skill will make outbound HTTPS calls to api.tikhub.io — confirm you trust TikHub and that using their API complies with your privacy/usage policies. If you want higher assurance, ask the publisher for a homepage or repository and a declared primary environment variable (e.g., TIKHUB_API_KEY).

Like a lobster shell, security has layers — review code before you run it.

latestvk97cbdzb8ab1f8p3hq1nnh2cgs82ap57

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments