ClawHub

Kuaishou API

v1.0.3

Analyze Kuaishou workflows with JustOneAPI, including user Search, user Published Videos, and video Details across 7 operations.

0· 27·1 current·1 all-time
by@justoneapi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Kuaishou via JustOneAPI) match the requested artifacts: node binary, a single JUST_ONE_API_TOKEN, and an included run.mjs client that targets api.justoneapi.com. Required binaries and env var are proportional to the stated purpose.
Instruction Scope
SKILL.md gives narrow, concrete instructions: read generated/operations.md, ask the user for missing params, and run the included node script with --operation, --token, and --params-json. It does not instruct reading unrelated files or exfiltrating data, and the README explicitly warns to keep the token private.
Install Mechanism
No install spec is provided (instruction-only). A script (bin/run.mjs) is included; there are no external download URLs or extract steps. This is low-risk for installation.
Credentials
The skill requires exactly one credential (JUST_ONE_API_TOKEN) which is the documented auth mechanism for the backend. No unrelated secrets, config paths, or additional tokens are requested.
Persistence & Privilege
always is false and the skill does not request persistent elevated privileges or system-wide configuration changes. It is user-invocable and can be called autonomously (the platform default), which is expected for a connector skill.
Assessment
This skill appears to be a straightforward client for JustOneAPI's Kuaishou endpoints. Before installing: (1) Confirm the JUST_ONE_API_TOKEN you provide is from JustOneAPI and has only the scopes you expect. (2) If you plan to let an agent invoke skills autonomously, be aware the agent will be able to call the included script with that token—limit autonomous access if the token has broad privileges. (3) If you want extra assurance, inspect the full bin/run.mjs (the bundled script) locally to confirm it only calls api.justoneapi.com and does not log or transmit the token elsewhere. (4) Treat the token like any API secret: store it in a secure secret manager and avoid pasting it into chats or commits.

Like a lobster shell, security has layers — review code before you run it.

latestvk9776t9rq6srxp54wf58jk1119849ctp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsnode
EnvJUST_ONE_API_TOKEN
Primary envJUST_ONE_API_TOKEN

Comments