技能 maxhub-xigua
📦

maxhub-xigua

中風險 🌐 網路存取⚙️ 外部命令🔑 環境變數

Query and analyze Xigua video data with AI

Researchers and content analysts lack easy access to structured Xigua video data. This skill lets you search videos, view creator profiles, read comments, and analyze trends using natural language queries through the MaxHub API.

支援: Claude Codex Code(CC)
⚠️ 66
1

下載技能 ZIP

2

在 Claude 中上傳

前往 設定 → 功能 → 技能 → 上傳技能

3

開啟並開始使用

測試它

正在使用「maxhub-xigua」。 Search Xigua for technology review videos with minimum duration of 5 minutes.

預期結果:

  • I found 8 technology review videos matching your criteria:
  •  
  • | Title | Creator | Duration | Views | Published |
  • |-------|---------|----------|-------|-----------|
  • | Smartphone X Review | TechReviewer | 12:30 | 45.2K | 2025-03-15 |
  • | Laptop Comparison 2025 | GadgetLab | 18:45 | 28.7K | 2025-03-10 |
  • | Best Wireless Earbuds | AudioPro | 8:20 | 32.1K | 2025-03-08 |
  •  
  • The longest video is 18 minutes 45 seconds. The most viewed video has 45.2K views.

正在使用「maxhub-xigua」。 Show me the profile for Xigua user 52712347586 and their recent uploads.

預期結果:

  • Here is the creator profile and their recent posts:
  •  
  • **Creator:** TechVlogger
  • **Followers:** 12.5K
  • **Total Videos:** 47
  •  
  • Recent posts (last 5):
  • - Unboxing the Latest Tablet (3 days ago) - 8.2K views
  • - Smart Home Setup Guide (1 week ago) - 5.7K views
  • - Budget Phone vs Flagship (2 weeks ago) - 15.3K views
  • - How to Edit Videos on Mobile (3 weeks ago) - 4.1K views
  • - Gaming Phone Roundup (1 month ago) - 6.8K views

安全審計

中風險
v2 • 5/20/2026

This skill is a legitimate API client for Xigua Video data via the MaxHub service. Static analysis found 133 potential issues, but the vast majority are false positives from documentation files (READMEs, reference docs) where shell commands appear in markdown code blocks and URLs point to the legitimate service endpoint at www.aconfig.cn. The genuine risk is MEDIUM: the skill instructs the AI agent to execute curl commands with an API key environment variable (MAXHUB_API_KEY). While this is normal for an API client, the combination of shell execution, network access, and credential usage creates a real attack surface if the AI is manipulated via prompt injection. No malicious intent, obfuscation, or data exfiltration patterns were found.

6
已掃描檔案
506
分析行數
9
發現項
2
審計總數
中風險問題 (1)
SKILL.md:45-61SKILL.md:67-69SKILL.md:80-92
Shell command execution via curl with API credentials
SKILL.md instructs the AI agent to execute curl commands using the MAXHUB_API_KEY environment variable for API authentication (SKILL.md:45-61, 67-69, 80-92). This is the intended behavior for an API client, but the combination of shell execution with credential access creates a prompt injection attack surface where a manipulated AI could be redirected to exfiltrate the API key to a different endpoint.
低風險問題 (5)
_meta.json:6-7README.md:19README.md:32README.md:36README_CN.md:19README_CN.md:32README_CN.md:36SKILL.md:18SKILL.md:22SKILL.md:30SKILL.md:32SKILL.md:45SKILL.md:53SKILL.md:57SKILL.md:77SKILL.md:88
Hardcoded URLs in documentation files
Multiple files contain hardcoded URLs pointing to www.aconfig.cn, the legitimate MaxHub API service. These are FALSE POSITIVES - the URLs are the intended API endpoint and documentation references, not suspicious destinations.
README_CN.md:13-15README_CN.md:20README.md:13-15README.md:20references/api-video-user.md:3-4references/param-mappings.md:3-40
Shell command patterns in documentation files
README.md, README_CN.md, and reference documentation files contain shell command patterns (backtick usage in markdown code blocks). These are FALSE POSITIVES - the commands appear in documentation code blocks for human readers, not as executable instructions for the AI agent. The backticks are markdown formatting for code examples showing install and setup steps.
references/api-video-user.md:15references/api-video-user.md:23references/api-video-user.md:41references/api-video-user.md:49references/api-video-user.md:66references/api-video-user.md:74references/api-video-user.md:92references/api-video-user.md:100references/api-video-user.md:117references/api-video-user.md:126references/api-video-user.md:146references/api-video-user.md:156references/api-video-user.md:175references/api-video-user.md:187
Weak cryptographic algorithm reference (Base64)
Static analyzer flagged 'Base64 encoding' in API documentation as a weak cryptographic algorithm (references/api-video-user.md:15,23,41,49). This is a FALSE POSITIVE - Base64 is used as a data encoding format for video URLs in API responses, not for security purposes. The documentation states 'Base64 encoded play address, needs front-end decoding.'
references/api-video-user.md:17references/api-video-user.md:28references/api-video-user.md:43references/api-video-user.md:54references/api-video-user.md:68references/api-video-user.md:79references/api-video-user.md:94references/api-video-user.md:105references/api-video-user.md:119references/api-video-user.md:131references/api-video-user.md:148references/api-video-user.md:161references/param-mappings.md:9references/param-mappings.md:13references/param-mappings.md:17references/param-mappings.md:21references/param-mappings.md:25references/param-mappings.md:30
System reconnaissance pattern (example IDs in documentation)
Static analyzer flagged example video IDs and user IDs in parameter tables as 'system reconnaissance.' These are FALSE POSITIVES - the values (e.g., item_id=7354954305222377999, user_id=52712347586) are sample/example IDs in API documentation, not actual reconnaissance attempts.
README_CN.md:1
High file entropy heuristic (Chinese UTF-8 content)
Static analyzer flagged README_CN.md for high file entropy (6.02 bits) suggesting possible binary or encrypted content. This is a FALSE POSITIVE - the file contains standard Chinese UTF-8 text which naturally has higher byte entropy than ASCII text due to multi-byte character encoding.

風險因素

🌐 網路存取 (19)
_meta.json:6 _meta.json:7 README_CN.md:19 README_CN.md:32 README_CN.md:36 README.md:19 README.md:32 README.md:36 references/api-video-user.md:3 references/param-mappings.md:3 SKILL.md:18 SKILL.md:22 SKILL.md:30 SKILL.md:32 SKILL.md:45 SKILL.md:53 SKILL.md:57 SKILL.md:77 SKILL.md:88
⚙️ 外部命令 (57)
README_CN.md:13-15 README_CN.md:15-20 README_CN.md:20 README.md:13-15 README.md:15-20 README.md:20 references/api-video-user.md:3 references/api-video-user.md:4 references/api-video-user.md:9 references/api-video-user.md:21 references/api-video-user.md:35 references/api-video-user.md:47 references/api-video-user.md:60 references/api-video-user.md:72 references/api-video-user.md:86 references/api-video-user.md:98 references/api-video-user.md:111 references/api-video-user.md:124 references/api-video-user.md:140 references/api-video-user.md:154 references/api-video-user.md:169 references/api-video-user.md:185 references/param-mappings.md:3 references/param-mappings.md:3 references/param-mappings.md:9 references/param-mappings.md:9 references/param-mappings.md:13 references/param-mappings.md:13 references/param-mappings.md:17 references/param-mappings.md:17 references/param-mappings.md:21 references/param-mappings.md:21 references/param-mappings.md:25 references/param-mappings.md:25 references/param-mappings.md:26 references/param-mappings.md:30 references/param-mappings.md:30 references/param-mappings.md:31 references/param-mappings.md:32 references/param-mappings.md:36 references/param-mappings.md:36 references/param-mappings.md:37 references/param-mappings.md:38 references/param-mappings.md:39 references/param-mappings.md:40 SKILL.md:45 SKILL.md:47 SKILL.md:47 SKILL.md:49-61 SKILL.md:61-67 SKILL.md:67-69 SKILL.md:69-80 SKILL.md:80-81 SKILL.md:81-91 SKILL.md:91-92 SKILL.md:92-106 SKILL.md:106-154
🔑 環境變數 (15)
README_CN.md:20 README.md:20 references/api-video-user.md:4 SKILL.md:10 SKILL.md:13 SKILL.md:17 SKILL.md:47 SKILL.md:50 SKILL.md:68 SKILL.md:80 SKILL.md:81 SKILL.md:81 SKILL.md:91 SKILL.md:92 SKILL.md:92

偵測到的模式

curl command execution with environment variable credentials
審計者: claude 查看審計歷史 →

品質評分

55
架構
95
可維護性
87
內容
31
社群
50
安全
91
規範符合性

你能建構什麼

Content trend research

Search for videos by keyword and analyze view counts, durations, and content patterns across Xigua video categories.

Creator profile analysis

Look up Xigua creator profiles and examine their published video library to understand content strategy and audience engagement.

Competitive video monitoring

Track specific videos and their comments over time to gauge audience sentiment and content performance.

試試這些提示

Search for videos by keyword 
Search Xigua for videos about "artificial intelligence" and show me the top 10 results with their view counts and durations.
Get detailed video information 
Get the full details for Xigua video with ID 7354954305222377999. Show me the title, description, author info, and play count.
Analyze a creator profile 
Find the user profile for Xigua user ID 52712347586 and list their recent posts. Show me which videos have the highest engagement.
Comprehensive video and comment analysis 
Search for cooking tutorials on Xigua sorted by popularity. For the top 3 results, get their video details and read the first 20 comments. Summarize what viewers are saying.

最佳實務

  • Start with a simple search to confirm the API returns data before performing complex multi-endpoint analysis.
  • Use the browse mode for quick lookups and the analyze mode for deeper data-driven insights.
  • Keep queries focused on specific video IDs or user IDs for the most accurate and fast results.

避免

  • Do not make excessive parallel requests to the API as rate limiting may block further queries.
  • Do not assume data freshness - video metrics may be cached by the third-party API provider.
  • Do not expose the API key or include it in any logs, outputs, or shared data.

常見問題

Do I need an API key to use this skill?
Yes, you need to register at www.aconfig.cn and create an API key. Set it as the MAXHUB_API_KEY environment variable.
What data can I query from Xigua video?
You can search videos, get video details, view creator profiles, list user posts, read video comments, and fetch video play URLs.
Does this skill work in both Chinese and English?
Yes. The skill detects your language and responds in the same language. Chinese output uses wan/yi number format while English uses K/M/B format.
Is the data real-time?
The data comes from a third-party API provider and may be cached. Video metrics like view counts may not reflect the latest values.
Can I download videos using this skill?
The skill can retrieve video play URLs but playback access depends on Xigua platform restrictions. Downloaded content must respect copyright.
What should I do if a query returns no results?
Try broadening your search parameters, checking the video ID format, or verifying your API key is still valid and has not exceeded rate limits.

開發者詳情

作者

XieWxx

授權

MIT-0

儲存庫

https://github.com/XieWxx/maxhub-api-skills/tree/main/maxhub-xigua

引用

main

檔案結構

📁 references/

📄 api-video-user.md

📄 param-mappings.md

📄 _meta.json

📄 README_CN.md

📄 README.md

📄 SKILL.md