9527 Github Trending

Pass

Audited by ClawScan on May 1, 2026.

Overview

The artifacts match a simple GitHub Trending notifier; the main things to notice are optional bot/webhook credentials and user-configured daily scheduling.

This skill appears purpose-aligned. Before installing, confirm you are comfortable giving it notification-channel credentials and, if you use the cron example, remember it will keep running daily until you remove it.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone with these tokens or webhook URLs may be able to post to the configured notification channel.

Why it was flagged

The script accepts Telegram bot credentials and DingTalk/WeCom webhook URLs so it can post notifications to those channels.

Skill content
parser.add_argument('--token', help='Telegram Bot Token') ... parser.add_argument('--webhook', help='钉钉/企业微信 Webhook URL')
Recommendation

Use only intended bot/webhook credentials, keep them out of shared prompts or public logs, and rotate them if exposed.

Note
High Confidence
ASI10: Rogue Agents
What this means

If configured, the notifier will continue posting on the schedule, even after the initial setup task is done.

Why it was flagged

The skill documents a cron entry that would keep the notifier running every day until the user removes or changes it.

Skill content
0 9 * * * python3 /path/to/trending.py --telegram --token xxx --chat_id xxx
Recommendation

Only add the cron job if you want recurring notifications, and remove or disable it when no longer needed.