maxhub-xiaohongshu

Advisory

Audited by Static analysis on May 13, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill can use the configured MaxHub account and may incur usage charges or expose queries to that provider.

Why it was flagged

The skill authenticates to the MaxHub provider using the user's MAXHUB_API_KEY, which is expected for the stated API service but is still a sensitive credential.

Skill content

"apiBase": { "url": "https://www.aconfig.cn", "authHeader": "x-api-key", "authEnvVar": "MAXHUB_API_KEY" }

Recommendation

Use a dedicated or scoped MaxHub API key if available, monitor usage and balance, and revoke the key if you stop using the skill.

What this means

Complex requests may trigger multiple API calls, increasing cost and sending more query context to the provider.

Why it was flagged

The skill can chain multiple provider API calls for complex requests; the artifact discloses this and says explicit user confirmation is required.

Skill content

Chained calls: complex requests can be completed by chaining multiple APIs (executed only after explicit user confirmation)

Recommendation

Review and confirm multi-step or batch requests, especially if they involve many notes, users, comments, or pages.