Weibo Search User Published Posts API
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill appears to call the advertised JustOneAPI Weibo search endpoint, but its default command exposes your API token through process arguments.
Review before installing if you will use a real JustOneAPI token. The endpoint wrapper is narrow and matches its description, but avoid running it on shared or heavily logged systems unless the token handling is changed to avoid command-line secrets.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the token is exposed, someone else may be able to use your JustOneAPI account or quota.
The default invocation expands the JustOneAPI credential into a command-line argument, which can be visible to local process monitors, shell wrappers, or command logging on some systems.
node {baseDir}/bin/run.mjs --operation "searchProfileV1" --token "$JUST_ONE_API_TOKEN" --params-json '{"uid":"<uid>","q":"<q>"}'Use only in a trusted environment, prefer a version that reads JUST_ONE_API_TOKEN directly from the environment or a secret manager instead of argv, and rotate the token if it may have been exposed.