maxhub-xiaohongshu
PassAudited by ClawScan on May 13, 2026.
Overview
This appears to be a coherent Xiaohongshu data-collection skill that uses a MaxHub API key and sends user queries to aconfig.cn, with no artifact-backed malicious behavior found.
Install only if you are comfortable sending Xiaohongshu-related queries to MaxHub/aconfig.cn and using a MAXHUB_API_KEY. Avoid entering private personal information, and watch for costs when approving batch or chained data-collection requests.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can use the configured MaxHub account and may incur usage charges or expose queries to that provider.
The skill authenticates to the MaxHub provider using the user's MAXHUB_API_KEY, which is expected for the stated API service but is still a sensitive credential.
"apiBase": { "url": "https://www.aconfig.cn", "authHeader": "x-api-key", "authEnvVar": "MAXHUB_API_KEY" }Use a dedicated or scoped MaxHub API key if available, monitor usage and balance, and revoke the key if you stop using the skill.
Complex requests may trigger multiple API calls, increasing cost and sending more query context to the provider.
The skill can chain multiple provider API calls for complex requests; the artifact discloses this and says explicit user confirmation is required.
链式调用:复杂需求可串联多个API完成(需用户明确确认后执行)
Review and confirm multi-step or batch requests, especially if they involve many notes, users, comments, or pages.