ClawHub

YOUKU API

v1.0.1

Analyze YOUKU workflows with JustOneAPI, including video Search, video Details, and user Profile.

0· 21·1 current·1 all-time
by@justoneapi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (YOUKU via JustOneAPI) matches the code and documentation. The manifest, SKILL.md, and bin/run.mjs all implement three GET operations against api.justoneapi.com and request only JUST_ONE_API_TOKEN and node, which are appropriate for this purpose.
Instruction Scope
SKILL.md instructs the agent to select one of three parameter-driven GET operations, ask the user for missing parameters, and call the bundled helper with the token. The instructions and the script only reference the declared env var and the generated operation docs; they do not read unrelated files or env vars, nor do they exfiltrate data to unexpected endpoints.
Install Mechanism
There is no install spec (instruction-only install), and the included bin/run.mjs is a small, readable script. No external downloads, archives, or third-party package installs are performed by the skill itself.
Credentials
The skill requires only JUST_ONE_API_TOKEN, which is proportional. One important detail: the script passes the token as a query parameter named 'token' in outbound requests, which can be exposed in URL logs or referer headers. Users should be aware of that leakage risk and use a scoped/ephemeral token if possible.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide settings, and does not persist credentials itself. Autonomous invocation is enabled by default but not combined with other concerning privileges.
Assessment
This skill appears to do what it says: it will call api.justoneapi.com to fetch YOUKU search, video, or user details and requires node plus a JUST_ONE_API_TOKEN. Before installing: (1) confirm you trust JustOneAPI and review their docs/privacy; (2) use a scoped or ephemeral token if possible; (3) be aware the token is sent in the URL query string (risk of exposure in logs or referer headers); (4) do not paste the token into chat or public places; (5) ensure your environment allows outbound network calls to api.justoneapi.com and that printing JSON output is acceptable for any returned data. If any of these are unacceptable, do not install or create a limited token first.

Like a lobster shell, security has layers — review code before you run it.

latestvk977xe8efcgg4av2cbcwqb2cnn8495xp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsnode
EnvJUST_ONE_API_TOKEN
Primary envJUST_ONE_API_TOKEN

Comments