Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Keyword Rank Monitor
v1.0.0关键词排名追踪、SEO 分析、搜索趋势监控、竞品关键词对比。适合电商卖家、SEO 从业者、内容运营。
⭐ 0· 58·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name and description match required binaries and declared pip dependencies (python3, curl, requests, pandas) which are reasonable for web scraping and data processing. However the skill claims integration with platforms (Taobao, JD, Baidu, Douyin) that commonly require authentication or specialized APIs; the SKILL.md does not request or explain any platform credentials, scraping strategy, or API clients, so it's unclear how it will achieve accurate ranking data.
Instruction Scope
The SKILL.md is high‑level and contains user-facing examples and output templates but no concrete runtime commands, file reads, or network endpoints. It therefore does not appear to request unrelated system data (good), but it's vague about how data is collected, where alerts are sent, and what external services (if any) receive the results.
Install Mechanism
This is an instruction‑only skill with no install spec that writes code to disk; the metadata suggests installing two pip packages (requests, pandas) which is proportionate and low risk. No external downloads or obscure installers are used.
Credentials
No environment variables, credentials, or config paths are requested (low immediate risk). That said, the feature set (hourly monitoring, paid API access, notifications, platform integrations) would normally require tokens, cookies, or webhook/email configuration — their absence is an unexplained omission rather than a clear sign of safety.
Persistence & Privilege
The skill is not always‑on and does not request elevated or persistent privileges. It does not claim to modify other skills or system settings.
What to consider before installing
Before installing or enabling this skill, ask the author for concrete runtime details: (1) How does it obtain ranking data for each platform? Does it require login cookies, API keys, or a paid data provider? (2) Where are results and alerts sent (email, webhook, third‑party API)? If alerts/webhooks require you to provide endpoints or credentials, know where those go. (3) For the paid/API tiers, what endpoint accepts the data and how is access authenticated? (4) If the skill scrapes websites, confirm it respects terms of service and rate limits — scraping can lead to account blocks. Because the SKILL.md is high‑level with no executable code, request the actual scripts or a more detailed spec; inspect any code before supplying credentials. If you must proceed without more detail, avoid providing platform credentials or private webhooks until you understand where data is transmitted.Like a lobster shell, security has layers — review code before you run it.
latestvk977rpm260ek5ppt24vm4y7hbh83jjz2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🔍 Clawdis
Binspython3, curl