ClawHub

WeChat Official Accounts API

v1.0.1

Analyze WeChat Official Accounts workflows with JustOneAPI, including user Published Posts, article Engagement Metrics, and article Comments across 5 operati...

0· 20·1 current·1 all-time
by@justoneapi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implemented operations: five GET endpoints on api.justoneapi.com. Declared requirements (node and JUST_ONE_API_TOKEN) are reasonable and necessary to run the included bin/run.mjs client and authenticate requests.
Instruction Scope
SKILL.md instructs the agent to call the included run.mjs with operation, token, and parameters. The runtime script performs HTTP GETs to api.justoneapi.com and parses JSON responses. The instructions do not ask the agent to read unrelated files, other environment variables, or send data to third-party endpoints.
Install Mechanism
No install spec or external downloads are present; the skill includes a Node script (bin/run.mjs) and relies on an already-installed node binary. No archives or network installs are performed by the skill itself.
Credentials
Only JUST_ONE_API_TOKEN is required (declared as primary credential). The token is used as a query parameter to authenticate to api.justoneapi.com. No unrelated credentials, config paths, or high-privilege variables are requested.
Persistence & Privilege
The skill is not always-enabled and does not request persistent platform privileges or modify other skills' configs. It permits autonomous invocation (platform default), but that is expected for a callable API skill.
Assessment
This skill appears coherent: it wraps JustOneAPI WeChat endpoints and only needs a JustOneAPI token plus node to run the included client. Before installing: (1) Confirm you trust JustOneAPI (https://api.justoneapi.com) and understand what that token can access; prefer creating a least-privilege/read-only token if available. (2) Inspect bin/run.mjs yourself (it is included) or run it in an isolated environment if you have concerns. (3) Never paste the JUST_ONE_API_TOKEN into chat or logs; provide it to the skill via environment variable substitution as instructed. (4) If you do not want the agent to call the API autonomously, adjust skill invocation settings or deny autonomous invocation.

Like a lobster shell, security has layers — review code before you run it.

latestvk975a1r8g30wx1twxzbwehbjqs849n2n

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsnode
EnvJUST_ONE_API_TOKEN
Primary envJUST_ONE_API_TOKEN

Comments