ClawHub

Review Summarizer

v1.0.0

Scrape, analyze, and summarize product reviews from multiple platforms (Amazon, Google, Yelp, TripAdvisor). Extract key insights, sentiment analysis, pros/cons, and recommendations. Use when researching products for arbitrage, creating affiliate content, or making purchasing decisions.

3· 2k·7 current·7 all-time
by@michael-laffin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The README/description claims the skill scrapes Amazon, Google, Yelp, and TripAdvisor and integrates with their APIs, but the actual scraping implementation (scripts/scrape_reviews.py) returns hard-coded MOCK_REVIEWS and contains only comments about 'In production, integrate with:' APIs. There are no network calls or API integrations, no required credentials declared, and no real scraping logic. That is a substantive mismatch between the advertised purpose and the provided capability.
!
Instruction Scope
SKILL.md instructs the agent/user to run the provided scripts with product URLs as if they will fetch live reviews. The scripts accept URL and platform arguments, but scrape_reviews.py uses local mock data and will not retrieve external reviews. The instructions do not ask for credentials or API keys (even though real integrations would normally require them), which makes the runtime instructions misleading for someone expecting live scraping. The scripts only read/write files relevant to their task and do not reference unrelated system files or env vars.
Install Mechanism
There is no install spec (instruction-only metadata) and the repository contains plain Python scripts. No external installers, downloads, or archive extraction are specified. Risk from installation mechanism is low.
Credentials
The skill declares no required environment variables, credentials, or config paths and none are needed by the included code. This is proportional to the actual (mock) implementation, but inconsistent with the written promise to integrate with third-party APIs — those would normally require credentials.
Persistence & Privilege
The skill does not request permanent presence (always: false) and contains no code that modifies other skills or system-wide agent settings. Scripts write output files as expected for a reporting tool; there is no evidence of elevated persistence or privilege requests.
What to consider before installing
This skill is internally inconsistent: it advertises multi-platform web scraping and API integration but the shipped code only uses local MOCK_REVIEWS and no network/API calls. Before installing or relying on it: 1) If you expect live scraping, inspect and modify scrape_reviews.py — implement proper API clients or HTTP scraping and add secure handling for any API keys (do not hard-code secrets). 2) Verify Terms of Service and legal/privacy implications for scraping each platform. 3) Run the scripts in a sandbox first—they only write local files but you should confirm they won't make network requests you didn't expect. 4) If you see a later version that adds network calls, review those additions carefully (endpoints, credential handling, and any obfuscated or remote-download logic). 5) Be cautious granting credentials: the skill currently asks for none, but a real scraper would need API keys — ensure those are minimal-scope and stored securely.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ckq9tcqwqsn2ab2sjq5srh980h9vm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments