Zhihu Keyword Search API
PassAudited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill Name: justoneapi-zhihu-search Version: 1.0.0 The skill is a standard API wrapper for performing Zhihu keyword searches via the JustOneAPI service (api.justoneapi.com). The implementation in bin/run.mjs is straightforward, using the built-in fetch API to make authorized requests without any signs of data exfiltration, shell execution, or malicious prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
On a shared or monitored machine, another local user, process, or log collector could capture the JustOneAPI token and use it outside this skill.
This directs the helper to receive the provider token through process argv. The token is purpose-aligned, but command-line arguments may be visible to local process inspection, shell/debug tooling, or command telemetry.
node {baseDir}/bin/run.mjs --operation "searchZhihuV1" --token "$JUST_ONE_API_TOKEN" --params-json '{"keyword":"<keyword>"}'Prefer a version that reads JUST_ONE_API_TOKEN directly from the environment or stdin instead of argv; if used, run only on trusted machines and rotate the token if exposure is suspected.