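Zhihu Hot List - UAPIPRO
v1.0.0
Fetches the Zhihu hot list using the UAPIPRO API (https://uapis.cn). Triggered when the user asks about the Zhihu hot list ("知乎热榜", "知乎热搜", "知乎热门"). Requires the environment variable UAPIPRO_API_KEY.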
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The skill's name and description (fetch Zhihu hot list via UAPIPRO) match the included script and instructions: the script calls https://uapis.cn/api/v1/misc/hotboard?type=zhihu and formats the results. Requiring an API key (UAPIPRO_API_KEY) is logically necessary for this purpose. However, the registry metadata claims 'Required env vars: none' while both SKILL.md and scripts/zhihu_hot.py require UAPIPRO_API_KEY — this metadata omission is an inconsistency.
Instruction Scope
SKILL.md and the script limit actions to calling the UAPIPRO API, formatting output (text/json/Feishu), and printing results. The instructions and code do not read other files, system configs, or unrelated environment variables, nor do they send data to endpoints other than uapis.cn. The subprocess example passes only the UAPIPRO_API_KEY from the environment.
Install Mechanism
There is no install spec and no downloads; the skill is instruction-plus-a-local-script that uses Python standard library (urllib). No external packages are installed and nothing is written to disk beyond the included script.
Credentials
The script and SKILL.md require UAPIPRO_API_KEY (a secret) which is appropriate for the API integration, but the registry metadata does not declare this required env var or a primary credential. That mismatch can lead to the platform not prompting for the key, accidental failures, or users supplying credentials without realizing the skill needs them. The skill does not request other unrelated credentials, and there is no evidence of exfiltration beyond legitimate API calls to uapis.cn.
Persistence & Privilege
The skill does not request persistent/always-on presence, does not modify other skills or system-wide settings, and contains no code to persist credentials beyond reading the UAPIPRO_API_KEY from the environment at runtime.
What to consider before installing
Before installing: (1) insist the skill's registry metadata be corrected to declare UAPIPRO_API_KEY as a required credential so the platform can surface that request to you; (2) only provide a minimal-scope UAPIPRO key you trust and do not reuse a high-privilege key; (3) review the included script (scripts/zhihu_hot.py) — it only calls uapis.cn and formats results, but verify you are comfortable with that endpoint; (4) if you need stronger isolation, run the script in a sandboxed environment; and (5) avoid installing if the publisher is unknown and you cannot get the metadata/ownership properly updated.
Like a lobster shell, security has layers — review code before you run it.
latest
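Zhihu Hot List - UAPIPRO API
Fetches Zhihu hot list data through the UAPIPRO API.
Quick start
Call the script directly via exec:
```bash
# Fetch the full hot list
python3 scripts/zhihu_hot.py
# Fetch the top 10 entries
python3 scripts/zhihu_hot.py 10
# Output in JSON format
python3 scripts/zhihu_hot.py --json
python3 scripts/zhihu_hot.py 10 --json
```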
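API information
- Endpoint: `GET https://uapis.cn/api/v1/misc/hotboard?type=zhihu`
- Authentication: `Authorization: Bearer <UAPIPRO_API_KEY>`
- Returns: the Zhihu hot list; each entry contains index, title, url, hot_value, and extra (optional desc/image/label)
- Updates: roughly every few minutes
Script usage
```bash
python3 zhihu_hot.py [N] [--json|-j]
```
- `N` - return the top N entries (if omitted, returns all of them, about 50)
- `--json` - output in JSON format (for programmatic use)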
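Returned fields
| Field | Description |
|---|---|
| index | Rank number |
| title | Question title |
| url | Question link |
| hot_value | Heat value, e.g. "634 万热度" |
| extra.desc | Question description/summary |
| extra.image | Image URL (relative path) |
| extra.label | Label, e.g. "新" ("new") |
Python usage example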
```python
import subprocess
import json
import os

# Call the script and capture its JSON output
result = subprocess.run(
    ["python3", "scripts/zhihu_hot.py", "10", "--json"],
    capture_output=True, text=True,
    # The child inherits the current environment, including UAPIPRO_API_KEY
    env={**os.environ, "UAPIPRO_API_KEY": os.environ.get("UAPIPRO_API_KEY", "")}
)
data = json.loads(result.stdout)
# Print the rank and title of each entry
for item in data["list"]:
    print(item["index"], item["title"])
```
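A hardened variant of the call above, as an added example that is not part of the skill or the original page: it gives the child process an allowlisted environment instead of a copy of `os.environ`, sets a timeout, and checks the documented fields before the data is used. The names `minimal_env`, `validate_items`, `fetch_hot`, the allowlist contents and the sample data are assumptions made for illustration.

```python
import json
import os
import subprocess
from urllib.parse import urlsplit

# Assumption: the child process needs nothing beyond these two variables.
ALLOWED_ENV = ("PATH", "UAPIPRO_API_KEY")
# Fields listed in the "Returned fields" table that every entry should carry.
REQUIRED_FIELDS = ("index", "title", "url", "hot_value")


def minimal_env(environ):
    """Copy only allowlisted variables; fail early if the API key is missing."""
    if not environ.get("UAPIPRO_API_KEY"):
        raise RuntimeError("UAPIPRO_API_KEY is not set")
    return {k: environ[k] for k in ALLOWED_ENV if k in environ}


def validate_items(data):
    """Keep entries that have the documented fields and an http(s) URL."""
    clean = []
    for item in data.get("list", []):
        if not isinstance(item, dict) or any(f not in item for f in REQUIRED_FIELDS):
            continue
        parts = urlsplit(str(item["url"]))
        if parts.scheme not in ("http", "https") or not parts.netloc:
            continue
        clean.append({f: item[f] for f in REQUIRED_FIELDS})
    return clean


def fetch_hot(n=10, environ=os.environ):
    """Run the skill's script with a reduced environment and a timeout."""
    result = subprocess.run(
        ["python3", "scripts/zhihu_hot.py", str(n), "--json"],
        capture_output=True, text=True, timeout=30, check=True,
        env=minimal_env(environ),
    )
    return validate_items(json.loads(result.stdout))


# Constructed sample output for offline use, not real API data.
SAMPLE = {"list": [
    {"index": 1, "title": "t1", "url": "https://www.zhihu.com/question/1", "hot_value": "634 万热度"},
    {"index": 2, "title": "t2", "url": "javascript:void(0)", "hot_value": "1 万热度"},
    {"index": 3, "title": "t3"},
]}

if __name__ == "__main__":
    print(validate_items(SAMPLE))
```

On Windows the allowlist would likely need additional variables such as `SystemRoot` for the interpreter to start.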
Boss's preferred output format
Title: XXX (Heat: XXX) Original link: XXX
Use this format consistently whenever replying with the Zhihu hot list.
