maxhub-pipixia
AdvisoryAudited by Static analysis on May 13, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill requires trusting the MaxHub/aconfig.cn service with the API key and any account billing associated with API calls.
The skill uses a provider API key from the environment and sends it as an authentication header to the declared MaxHub provider.
"apiBase": { "url": "https://www.aconfig.cn", "authHeader": "x-api-key", "authEnvVar": "MAXHUB_API_KEY" }Use a revocable or scoped API key if available, monitor usage/balance, and remove the key if you no longer use the skill.
Search terms, user IDs, item IDs, or URLs supplied to the skill may be sent to a third-party API service.
The documentation discloses that user query parameters are transmitted to the external API provider.
本Skill通过MaxHub API(aconfig.cn)获取数据,用户查询参数将发送至该服务
Do not submit private or sensitive information as search/query parameters unless you are comfortable sharing it with the provider.
Complex or batch requests may consume paid API quota through multiple calls.
The skill can perform multiple API calls for complex requests, which can increase cost or data sharing, but the documentation says explicit confirmation is needed.
链式调用:复杂需求可串联多个API完成(需用户明确确认后执行)
Review and confirm chained or bulk requests, especially when requesting more than the default number of results.