ClawHub

Social Media API

v1.0.3

Analyze Social Media workflows with JustOneAPI, including cross-Platform Search.

0· 25·1 current·1 all-time
by@justoneapi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the actual behavior: the skill issues GET requests to https://api.justoneapi.com/api/search/v1 and exposes only the documented search parameters. Required binary (node) and required env var (JUST_ONE_API_TOKEN) are appropriate for a small Node CLI wrapper around the JustOneAPI.
Instruction Scope
SKILL.md instructs the agent to call the included bin/run.mjs with explicit flags and to ask the user for missing parameters. It does not direct reading unrelated files, other environment variables, or transmission to endpoints outside justoneapi.com. The instructions are specific and parameter-scoped.
Install Mechanism
There is no install step that downloads or executes code from untrusted URLs. The skill is instruction-first and ships a small Node script (bin/run.mjs) that performs the API call; this is low-risk and proportional.
Credentials
Only a single API token (JUST_ONE_API_TOKEN) is required and documented as used solely for JustOneAPI requests. No other credentials or config paths are requested. The token is injected into the query parameter named 'token' as expected by the API.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide settings, and does not persist credentials beyond using the provided token at call time. Autonomous invocation is allowed by default but is not combined with other concerning privileges.
Assessment
This skill appears to do exactly what it claims: make authenticated GET requests to JustOneAPI's search endpoint. Before installing, ensure you trust https://api.justoneapi.com and that the JUST_ONE_API_TOKEN you provide has only the necessary scopes. Do not paste the token into chat or screenshots; supply it via the platform's secret mechanism. Verify Node is available in the runtime and consider running the skill in a restricted environment if you need to limit outbound network access or logging of responses. If you require more assurance, you can open the included bin/run.mjs file to review its code (it only builds the URL, performs a fetch, and outputs JSON).

Like a lobster shell, security has layers — review code before you run it.

latestvk9757py23zhh49g9h2z2r707zn848gba

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsnode
EnvJUST_ONE_API_TOKEN
Primary envJUST_ONE_API_TOKEN

Comments