📦 TikHub Social Media — 社媒数据查询
v1.1.0通过 TikHub API 一键调取 20+ 平台(抖音、TikTok、小红书、Instagram、YouTube、Twitter/X、Threads 等)的社媒数据,支持用户、视频、直播、话题等多维度检索与导出,助力内容分析与营销决策。
2· 152·0 当前·0 累计
by 下载技能包
最后更新
2026/4/21
安全扫描
OpenClaw
可疑
medium confidenceNULL
评估建议
Before installing or using this skill: 1) Verify publisher/source (source/homepage unknown) — prefer skills with a known homepage or repo. 2) Inspect scripts/tikhub_query.py yourself to confirm it only makes requests to https://api.tikhub.io and does not exfiltrate data to other endpoints. 3) Expect to provide TIKHUB_API_KEY (and optionally a proxy); do NOT provide unrelated platform cookies or secrets unless you understand why an endpoint needs them. 4) Ask the publisher to fix the registry met...详细分析 ▾
ℹ 用途与能力
The name/description match the provided instructions and endpoint list: the skill is a client for the TikHub API and the included references enumerate many social platform endpoints. Requesting a TikHub API key is appropriate for this purpose. However, the registry metadata shown at the top of the review lists no required env variables or primary credential while SKILL.md explicitly requires TIKHUB_API_KEY (and optionally TIKHUB_PROXY). That metadata mismatch is an incoherence to investigate.
ℹ 指令范围
Runtime instructions are narrowly scoped to calling https://api.tikhub.io via the provided script and describe endpoint paths/parameters. They do not instruct the agent to read unrelated system files. But several endpoints document optional/required parameters named cookie or creator cookie (and other platform-level tokens) — the skill could therefore prompt or accept sensitive platform cookies/credentials as parameters. The SKILL.md does not enumerate how such sensitive platform credentials should be provided or protected.
✓ 安装机制
There is no install specification (no remote download or package install). The skill contains a helper Python script (scripts/tikhub_query.py) which will be executed directly; no additional binaries are requested. Absence of an install step lowers supply-chain risk, but the presence of an executable script means you should inspect its source before running.
⚠ 凭证需求
SKILL.md requires TIKHUB_API_KEY (and optionally TIKHUB_PROXY), which is proportionate to calling a paid/API gateway. However the registry metadata did not declare these required envs — that mismatch is concerning (could be an oversight or publisher error). Additionally, endpoint docs reference platform cookies and other per-platform tokens; these are not declared as required envs but could be requested at runtime, leading users to supply sensitive credentials unexpectedly.
✓ 持久化与权限
The skill does not request permanent presence (always: false) and does not include an install step that modifies system/agent configuration. It can be invoked autonomously by the agent (default), which is normal; combine that with API-key access only if you trust the skill and publisher.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.1.02026/3/20
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install tikhub-social-media
镜像加速npx clawhub@latest install tikhub-social-media --registry https://cn.longxiaskill.com