9527 Github Trending
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone with these tokens or webhook URLs may be able to post to the configured notification channel.
The script accepts Telegram bot credentials and DingTalk/WeCom webhook URLs so it can post notifications to those channels.
parser.add_argument('--token', help='Telegram Bot Token') ... parser.add_argument('--webhook', help='钉钉/企业微信 Webhook URL')
Use only intended bot/webhook credentials, keep them out of shared prompts or public logs, and rotate them if exposed.
If configured, the notifier will continue posting on the schedule, even after the initial setup task is done.
The skill documents a cron entry that would keep the notifier running every day until the user removes or changes it.
0 9 * * * python3 /path/to/trending.py --telegram --token xxx --chat_id xxx
Only add the cron job if you want recurring notifications, and remove or disable it when no longer needed.
