Zhihu

Review

Audited by ClawScan on May 10, 2026.

Overview

This Zhihu integration appears purpose-aligned, but it gives an agent credentialed ability to post, like, comment, and delete Zhihu content, so it should be used with supervision.

Install this only if you are comfortable letting an agent use your Zhihu API credentials to perform public/account-visible actions. Supervise publish, comment, reaction, and delete requests, verify target IDs and text before execution, and protect the configured app key and app secret.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If invoked incorrectly, the agent could publish unwanted posts, like or unlike content, create comments, or delete comments through the user's Zhihu API access.

Why it was flagged

The skill explicitly grants tools that can change public or account-visible Zhihu content. This is expected for the stated purpose, but it is high-impact enough that users should supervise use.

Skill content

Publishing pins ... Liking/unliking pins and comments ... Creating comments ... Deleting comments

Recommendation

Use this skill only when you want the agent to act on Zhihu. Review post/comment text and target IDs before allowing publish, reaction, or delete operations.

What this means

Anyone or any agent process with access to these environment variables can use the configured Zhihu API authority within the API's permissions.

Why it was flagged

The tool uses Zhihu API credentials from environment variables to authenticate requests. This is expected for the integration, but those credentials authorize account actions.

Skill content

self.app_key = os.environ.get("ZHIHU_APP_KEY", "")
self.app_secret = os.environ.get("ZHIHU_APP_SECRET", "")

Recommendation

Use least-privilege Zhihu credentials if available, keep the app secret private, and rotate the credentials if they are exposed.

What this means

A user may need to prepare the Python environment manually, and dependency versions are not pinned by the skill artifacts.

Why it was flagged

The README documents a manual, unpinned dependency installation, while no install spec is provided. This is not suspicious by itself, but users should install dependencies from trusted sources.

Skill content

requests library: `pip install requests`

Recommendation

Install dependencies in a trusted virtual environment and consider pinning or reviewing the requests package version used.