Weibo, Baidu, Douyin Hot Search List - 微博百度热搜榜单

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says: it uses a JisuAPI key to fetch public hot-search lists from Weibo, Baidu, or Douyin, with no evidence of hidden persistence or unrelated data access.

Before installing, set only a JISU_API_KEY you are comfortable using for JisuAPI quota, and run the skill in a trusted Python environment with dependencies you control.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Low
What this means

The skill can use your JisuAPI account quota whenever it performs a hot-search request.

Why it was flagged

The script reads a provider API key from the environment and sends it to JisuAPI for each query. This is disclosed and purpose-aligned, but it is credentialed account access.

Skill content
appkey = os.getenv("JISU_API_KEY") ... params = {"appkey": appkey}
Recommendation

Use a dedicated JisuAPI key where possible, monitor quota usage, and rotate the key if it is shared or exposed.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

If the dependency is missing or sourced unsafely, setup may fail or depend on an unreviewed package installation.

Why it was flagged

The code depends on the external Python requests package while the supplied artifacts provide no package install spec. This is not hidden execution, but users should rely on a trusted existing Python environment.

Skill content
import requests
Recommendation

Run the skill in a trusted Python environment and avoid installing dependencies from untrusted sources.