ClawHub

Zhihu API

v1.0.0

Search Zhihu topics, inspect answer lists, read column article detail, and track column article feeds through JustOneAPI.

0· 14·0 current·0 all-time
by@justoneapi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Zhihu via JustOneAPI) match the declared dependency on JUST_ONE_API_TOKEN and the included bin/run.mjs which calls https://api.justoneapi.com endpoints. No unrelated credentials or binaries are requested.
Instruction Scope
SKILL.md and bin/run.mjs confine actions to: reading local generated docs, parsing CLI args/environment token, and performing GET requests to api.justoneapi.com. One noteworthy detail: the token is placed in the query string (parameter named 'token'), which is functional but means the token may be logged by intermediaries or server logs—this is an operational privacy consideration rather than an incoherence.
Install Mechanism
No install script or remote downloads are present; the packaged code (bin/run.mjs and generated docs) is provided. Node is required to run the included script—this is proportionate to the implementation.
Credentials
Only JUST_ONE_API_TOKEN is required and is used solely to authenticate requests to JustOneAPI per the documentation and code. No additional secrets, system config paths, or unrelated env vars are requested.
Persistence & Privilege
Skill is not forced-always, does not request system-wide changes, and contains no behavior that modifies other skills or system config. It will perform network calls to the declared API endpoint when invoked.
Assessment
This skill appears to do exactly what it says: call JustOneAPI to fetch Zhihu data. Before installing, confirm you trust api.justoneapi.com and the token you provide: the CLI sends the token as a query parameter (it may appear in logs or proxy traces). Use a token with limited scope if possible, do not paste the token into chat or public places, and only install if you are comfortable granting network access to the JustOneAPI endpoint. If you need higher assurance, review the provided bin/run.mjs file in full (it's included) and verify the baseUrl matches the official service.

Like a lobster shell, security has layers — review code before you run it.

latestvk971j40xtvyeatgd6f853fs8e584977p

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsnode
EnvJUST_ONE_API_TOKEN
Primary envJUST_ONE_API_TOKEN

Comments