Skill v1.0.0
ClawScan security
Douyin Creator Marketplace (Xingtu) Recommended Videos API · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict: Benign (Apr 26, 2026, 4:02 PM)
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and required environment variable (JUST_ONE_API_TOKEN) are consistent with its stated purpose (calling a JustOneAPI Douyin/Xingtu recommended-videos endpoint); no unrelated credentials, unexpected network endpoints, or install steps are present — but note the token is sent as a query parameter/CLI argument, which can increase exposure risk.
- Guidance: This skill appears to do exactly what it claims: call a JustOneAPI Douyin/Xingtu endpoint and return JSON. Before installing or running it, consider the following: (1) Protect your JUST_ONE_API_TOKEN — the script sends it as a query parameter and accepts it as a CLI argument, both of which can expose the token in process listings, shell history, or server/proxy logs. Avoid pasting the token into chat or public logs, use short-lived or scoped tokens where possible, and rotate the token periodically. (2) Run the script only on trusted machines; if you need stricter secrecy, inspect and modify run.mjs to read the token from a protected source (e.g., process.env inside a securely launched process) rather than passing it directly on the command line. (3) Review JustOneAPI's dashboard/permissions and token scope to limit blast radius. Other than the token-exposure caveat, the skill is internally coherent and focused on its stated purpose.
Review Dimensions
- Purpose & Capability (ok): Name/description match the implementation: the packaged run.mjs calls https://api.justoneapi.com and implements the documented GET /api/douyin-xingtu/.../author_rec_videos_v2/v1 endpoint. The only required binary is node and the only required environment variable is JUST_ONE_API_TOKEN, which is appropriate for a third-party API wrapper.
- Instruction Scope (note): SKILL.md and bin/run.mjs instruct the agent to collect a single required parameter (oAuthorId) and to pass the token via --token. The instructions are narrowly scoped to making the API request and returning JSON. One operational note: the implementation places the token in the request query string and accepts it via a CLI flag; this can increase exposure risk (see environment_proportionality). The skill does not read local files or other env vars.
- Install Mechanism (ok): There is no install spec (instruction-only style with bundled run.mjs). Nothing is downloaded or written during install. This is a low-risk delivery model.
- Credentials (note): The single required credential (JUST_ONE_API_TOKEN) is proportional to the skill's purpose. However, the runtime injects the token as a query parameter ('token') and accepts it via a CLI argument (--token), which can expose the secret to process listings, shell history, or URL logs (server logs, proxies). SKILL.md warns not to paste tokens into chat but does not explicitly warn about CLI/process or URL exposure.
- Persistence & Privilege (ok): The skill does not request persistent presence (always:false) and does not modify agent/system configuration. It only executes a single network request at runtime and prints JSON to stdout.
