WeChat Official Accounts Article Details API
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill appears to call the claimed JustOneAPI endpoint, but it handles the API token in a way that can expose it on the command line.
Review before installing. The API behavior matches the description, but run it only in a trusted environment and avoid exposing process arguments in logs. If possible, modify or request a version of the helper that reads JUST_ONE_API_TOKEN directly from the environment rather than passing it with --token.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A local user, system monitor, process logger, or agent execution log could capture the JustOneAPI token and use it outside this skill.
The skill instructs the agent to expand and pass the API token as a process argument instead of having the helper read it directly from the environment.
node {baseDir}/bin/run.mjs --operation "getWeixinArticleDetailV1" --token "$JUST_ONE_API_TOKEN" --params-json '{"articleUrl":"<articleUrl>"}'Prefer a helper that reads JUST_ONE_API_TOKEN from the environment internally, avoid logging command arguments, and use a scoped/rotatable token.