WeChat Official Accounts Keyword Search API

Pass

Audited by VirusTotal on May 10, 2026.

Overview

Type: OpenClaw Skill
Name: justoneapi-weixin-search
Version: 1.0.0

The skill bundle is a standard API wrapper for searching WeChat Official Accounts via JustOneAPI. The execution logic in bin/run.mjs is transparent, using the native fetch API to communicate exclusively with api.justoneapi.com, and the SKILL.md instructions contain appropriate security warnings regarding token handling without any evidence of prompt injection or malicious intent.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Someone or something with access to local process arguments while the command runs could see and reuse the JustOneAPI token.

Why it was flagged

The documented invocation expands the API token into the command-line arguments. Local process listings or tooling that captures command arguments may expose the token.

Skill content

node {baseDir}/bin/run.mjs --operation "searchWeixinV1" --token "$JUST_ONE_API_TOKEN" --params-json '{"keyword":"<keyword>"}'

Recommendation

Prefer a version that reads the token directly from the environment or stdin instead of argv; rotate the token if it may have been exposed.