X Trends
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: x-trends Version: 1.2.1 The skill bundle is a CLI tool designed to scrape trending topics from 'getdaytrends.com'. The `SKILL.md` provides clear, benign instructions and does not contain any prompt injection attempts. The `index.js` script uses standard Node.js modules and well-known libraries (cheerio, commander, chalk, ora) to fetch and parse HTML from the hardcoded domain `https://getdaytrends.com`. It does not access sensitive files, environment variables, execute arbitrary commands, or exfiltrate data to unauthorized endpoints. All observed behavior aligns with the stated purpose of a web scraper.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the command sends the selected country path to getdaytrends.com and returns public web content as trend results.
This shows the CLI performs an outbound request to getdaytrends.com based on the requested country. That is disclosed and purpose-aligned, but users should know the tool contacts a third-party site.
const url = `https://getdaytrends.com/${countrySlug ? countrySlug + '/' : ''}`;
...
const html = await fetchTrends(url);Use it for public trend lookups only, and treat returned trend names/links as untrusted public web data.
The main security dependency is trust in the packaged code and its npm dependencies, not any credential or local-data access by the skill itself.
The skill depends on third-party npm packages. This is normal for a Node CLI and a lockfile is included, but installation still relies on the npm dependency chain.
"dependencies": {
"chalk": "^5.3.0",
"cheerio": "^1.0.0",
"commander": "^12.0.0",
"ora": "^8.0.0"
}Install from the reviewed package version and keep the lockfile/dependencies under normal supply-chain review if using it in a sensitive environment.