Skill v1.0.0
ClawScan security
Douyin Creator Marketplace (Xingtu) Video Details API · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign, Apr 25, 2026, 7:59 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is a small, coherent wrapper for a JustOneAPI GET endpoint that only requires a JustOneAPI token and Node to run and does what its description says.
- Guidance: This skill is a simple client for JustOneAPI's Douyin Xingtu video-details endpoint. Before installing: ensure you trust the JustOneAPI service and are okay with providing JUST_ONE_API_TOKEN (the token is sent as a query parameter to https://api.justoneapi.com). Do not paste the token into chat logs; prefer setting it in the agent's secret store. Because the skill can be invoked by the agent, limit its use to contexts where calling external APIs with that token is acceptable.
Review Dimensions
- Purpose & Capability (ok): Name/description match the actual behavior: the code invokes GET /api/douyin-xingtu/get-video-detail/v1 on api.justoneapi.com. Required binary (node) and the JUST_ONE_API_TOKEN credential are appropriate for this purpose.
- Instruction Scope (ok): SKILL.md instructs the agent to run the included Node helper with --operation, --token, and the detailId parameter. The code only builds the request, performs an HTTP GET, and prints JSON; it does not read other files, env vars, or send data to unexpected endpoints.
- Install Mechanism (ok): No install spec; the skill is instruction+helper script only. The included bin/run.mjs is a small, readable script that uses the declared Node binary and makes a single HTTP request to the stated baseUrl.
- Credentials (ok): Only JUST_ONE_API_TOKEN is required (declared as primaryEnv). The token is used as the API token query parameter to api.justoneapi.com; this matches the stated integration and is proportional.
- Persistence & Privilege (ok): always is false and there is no code that modifies other skills or system settings. The skill does not request persistent or elevated privileges.
