ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

抖音实时上升热点榜

v1.0.1

调用抖音上升热点榜接口,获取实时热点上升趋势数据。使用此技能当用户需要:获取抖音热榜/上升热点/热点趋势数据、调用 /douyin/billboard/fetch_hot_rise_list 接口、使用 azt_api_key 调用热榜接口、用 Python 脚本拉取抖音热点上升榜单。Use this skill...

0· 26·0 current·0 all-time
bykyris wu@kyriswu

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for kyriswu/douyin-hot-rise.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "抖音实时上升热点榜" (kyriswu/douyin-hot-rise) from ClawHub.
Skill page: https://clawhub.ai/kyriswu/douyin-hot-rise
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install kyriswu/douyin-hot-rise

ClawHub CLI

Package manager switcher

npx clawhub@latest install douyin-hot-rise
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description, SKILL.md, and the included Python script are consistent: they call a Douyin 'hot rise' API at https://coze-js-api.devtool.uk/douyin/billboard/fetch_hot_rise_list to fetch trending items. The requested parameters (page, page_size, order, keyword) match the declared purpose. However, the skill relies on an external service (devtool.uk) rather than an official Douyin/TikTok API — this is plausible but should be expected and verified by the user.
Instruction Scope
Runtime instructions are narrow: run the included Python script or provide parameters; obtain an AZT_API_KEY via env var or argument; the script only constructs a JSON payload and POSTs it to the stated API URL. It does not instruct reading other system files or sending data to unexpected endpoints beyond the documented devtool.uk API.
Install Mechanism
No install spec (instruction-only with an included script). The script depends on the widely used 'requests' library; SKILL.md and the script instruct the user to install it if missing. No downloads from unknown URLs or archive extraction are performed by the skill itself.
!
Credentials
SKILL.md and the script require an API key (AZT_API_KEY / azt_api_key) and mandate it for operation. The registry metadata, however, lists no required environment variables or primary credential — this is an inconsistency. The API key is the only secret required, which is proportionate to the task, but users should be aware that this key will be transmitted to a third‑party domain (devtool.uk).
Persistence & Privilege
The skill does not request 'always: true', does not modify other skills, and has no install steps that persist beyond the included script. Autonomous invocation is allowed by default (normal), but combined with the API key requirement this means an agent could call the third‑party API if given the key.
What to consider before installing
This skill calls a third‑party API (coze-js-api.devtool.uk) and requires you to provide an API key (AZT_API_KEY or --azt_api_key). Before installing: 1) Confirm you trust devtool.uk (who runs it, privacy/usage of provided keys and data). 2) Note the registry metadata omitted the required AZT_API_KEY — treat that as a packaging oversight and verify where/how the platform stores/transmits your key. 3) Prefer using a throwaway/test key first to observe behavior. 4) Inspect network requests (or run in a restricted environment) if you need assurance about what is sent. 5) If you will allow the agent to invoke skills autonomously, consider the risk that the agent could call the endpoint using any key you provide. If uncertain, ask the publisher for a homepage/source repository and clarification about key handling before proceeding.

Like a lobster shell, security has layers — review code before you run it.

latestvk977pfjaahnq7r3yepeqpckx7h85f6hn
26downloads
0stars
2versions
Updated 2h ago
v1.0.1
MIT-0
kyris wu@kyriswu
latest
Download

抖音上升热点榜 Skill

调用接口:

  • POST https://coze-js-api.devtool.uk/douyin/billboard/fetch_hot_rise_list

执行随附的 Python 脚本来完成请求,不要在回复中内联构造 curl 命令(除非用户明确要求)。

使用场景

以下情况触发本技能:

  • 用户想获取抖音当前上升热点/热榜数据
  • 用户想批量拉取抖音热点趋势
  • 用户需要按关键词或分类筛选上升热点
  • 用户想用 Python 调用热榜接口

输入参数

参数必填默认值说明
azt_api_key必填调用接口的鉴权 Key
page可选1页码
page_size可选10每页条数
order可选rank排序方式,可选 rank / hot
sentence_tag可选话题分类标签筛选
keyword可选关键词筛选

API Key 获取方式

必须提供 azt_api_key,解析顺序如下:

  1. 读取环境变量 AZT_API_KEY
  2. 用户在参数中直接传入。
  3. 如果两者均未提供,停止执行并提示:

说明:脚本对外输入使用 azt_api_key(或 AZT_API_KEY),实际请求接口时会映射为 payload 字段 api_key

未检测到 API Key。请前往 https://devtool.uk/plugin 购买或查看使用说明后重试。

执行方式

# 先设置环境变量(或在脚本参数中传入)
export AZT_API_KEY="your_key_here"

python3 scripts/fetch_hot_rise_list.py

带可选参数示例:

python3 scripts/fetch_hot_rise_list.py --page 1 --page_size 20 --order hot --keyword 明星

响应处理

  1. 显示请求结果状态(code: 200 为成功,code: -1 为失败)。
  2. 列出返回的热点条目(标题、热度值、排名等)。
  3. 如果失败,给出可能原因及修正建议。

常见失败原因:

  • azt_api_key 无效或已过期 → 前往 https://devtool.uk/plugin 重新购买
  • azt_api_key 积分已用完 → 联系作者续费
  • 网络问题或服务器错误 → 稍后重试

输出格式

# 抖音上升热点榜请求结果

- 接口:POST https://coze-js-api.devtool.uk/douyin/billboard/fetch_hot_rise_list
- 页码:<page>
- 每页条数:<page_size>
- API Key 来源:<env: AZT_API_KEY | 用户传入>

## 返回数据
<热点条目列表,含排名/标题/热度等字段>

## 状态
<成功/失败信息及剩余积分>

Comments

Loading comments...