9527 Github Trending
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: 9527-github-trending Version: 1.0.0 The skill bundle is a legitimate utility for fetching GitHub Trending projects and sending notifications via Telegram, DingTalk, or Enterprise WeChat. The Python script (trending.py) uses standard libraries to scrape GitHub and interact with official notification APIs using user-provided credentials, with no evidence of data exfiltration, malicious execution, or prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone with these tokens or webhook URLs may be able to post to the configured notification channel.
The script accepts Telegram bot credentials and DingTalk/WeCom webhook URLs so it can post notifications to those channels.
parser.add_argument('--token', help='Telegram Bot Token') ... parser.add_argument('--webhook', help='钉钉/企业微信 Webhook URL')Use only intended bot/webhook credentials, keep them out of shared prompts or public logs, and rotate them if exposed.
If configured, the notifier will continue posting on the schedule, even after the initial setup task is done.
The skill documents a cron entry that would keep the notifier running every day until the user removes or changes it.
0 9 * * * python3 /path/to/trending.py --telegram --token xxx --chat_id xxx
Only add the cron job if you want recurring notifications, and remove or disable it when no longer needed.