ClawHub

Xiaohongshu Creator Marketplace (Pugongying) API

v1.0.1

Analyze Xiaohongshu Creator Marketplace (Pugongying) workflows with JustOneAPI, including creator Profile, data Summary, and follower Growth History across 2...

0· 20·1 current·1 all-time
by@justoneapi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binary (node), and primary env var (JUST_ONE_API_TOKEN) match a Node-based API client that calls api.justoneapi.com. The manifest and operation definitions show only GET endpoints that accept a token and userId-like parameters, so the requested resources are proportionate to the described functionality.
Instruction Scope
SKILL.md instructs the agent to call the included node CLI (bin/run.mjs) with an operation id and the JUST_ONE_API_TOKEN; it limits activity to selecting an endpoint, asking the user for missing params, and forwarding requests to JustOneAPI. The runtime instructions do not request unrelated files, other credentials, or exfiltration to third-party endpoints in the documentation.
Install Mechanism
There is no external install/download step (no network downloads or package installs). The skill bundles an executable JS file (bin/run.mjs) which will be run by the agent; while this is expected for a packaged API client and no external URLs are used, executing bundled code is higher-risk than pure instruction-only skills and merits a cursory code review before granting access.
Credentials
Only JUST_ONE_API_TOKEN is required and is the declared primary credential; that is appropriate for an API wrapper. No other secrets, system paths, or unrelated credentials are requested.
Persistence & Privilege
The skill does not request always:true and does not declare modifications to other skills or global agent settings. It can be invoked autonomously (the platform default), which is expected for skills of this type.
Assessment
This skill appears coherent and implements a Node CLI client that calls JustOneAPI endpoints. Before installing: (1) Inspect the full bin/run.mjs file to verify it only makes requests to api.justoneapi.com and doesn't call other hosts or read unrelated local files. (2) Provide JUST_ONE_API_TOKEN with the minimum scope possible and keep it secret; do not paste it into chat. (3) Run the skill in a restricted environment if you want additional safety (network sandbox or separate account). If you want, paste the full bin/run.mjs here and I can review it line-by-line for unexpected behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk978qwwnfz7b1n7n94j2z1hk85849trm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsnode
EnvJUST_ONE_API_TOKEN
Primary envJUST_ONE_API_TOKEN

Comments