ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Trend Harvester

v2.0.0

Research any topic's trends across Reddit, Hacker News, X, YouTube, and GitHub to generate multi-platform, actionable trend reports in minutes.

0· 111·0 current·0 all-time
byErwin@aptratcn

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for aptratcn/xiaobai-trend-harvester.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Trend Harvester" (aptratcn/xiaobai-trend-harvester) from ClawHub.
Skill page: https://clawhub.ai/aptratcn/xiaobai-trend-harvester
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install xiaobai-trend-harvester

ClawHub CLI

Package manager switcher

npx clawhub@latest install xiaobai-trend-harvester
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The declared purpose (aggregate trends from multiple platforms) matches the SKILL.md's behavior (HN via hn.algolia.com, Reddit/GitHub/YouTube via web_fetch/GitHub API). However the top-level description and README mention additional platforms (X/Twitter and Product Hunt) that are not listed in the SKILL.md platforms table — that's an internal inconsistency. Also the skill has no listed source/homepage or owner context, which reduces traceability.
Instruction Scope
SKILL.md instructs the agent to call hn.algolia.com and use generic 'web_fetch' searches and the GitHub API. It does not instruct reading local files or environment variables. The use of generic 'web_fetch' is open-ended: the agent may retrieve arbitrary URLs to assemble results (expected for a scraper), but the instructions don't limit which endpoints to query, how to respect robots/rate limits, or how to avoid private content.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk by an installer. This is the lowest-risk install model.
Credentials
The skill declares no required env vars or credentials. That's coherent for limited, unauthenticated scraping, but in practice GitHub, YouTube, and X APIs may require tokens for reasonable rate limits or to access full data. The absence of required credentials limits functionality but isn't itself malicious; it does mean the agent may resort to public scraping instead of authenticated API queries.
Persistence & Privilege
always is false and there is no install-time persistence or claims to modify other skills or system configuration. The skill does not request elevated/system privileges.
What to consider before installing
This skill looks like a straightforward aggregator, but check these before installing: 1) Confirm which platforms you need — SKILL.md and README disagree (X/Twitter and Product Hunt are mentioned but not documented in the runtime instructions). 2) Ask the publisher for a source or homepage so you can verify provenance. 3) Understand that the skill uses generic web_fetch and may make many external requests (scraping public pages) — monitor network activity and avoid running it with sensitive context. 4) If you expect robust GitHub/YouTube/X data, plan to provide appropriate API tokens (and only if you trust the skill/author). 5) Prefer installing only after a short test run with innocuous queries and watch for unexpected endpoints or excessive requests.

Like a lobster shell, security has layers — review code before you run it.

latestvk977d0syyzqatm52m8r0nd64hh8589sfresearchvk977d0syyzqatm52m8r0nd64hh8589sftrendsvk977d0syyzqatm52m8r0nd64hh8589sf
111downloads
0stars
2versions
Updated 1w ago
v2.0.0
MIT-0
Erwin@aptratcn
latestresearchtrends
Download

Trend Harvester 🌊

Multi-platform trend research. One command, multiple sources, actionable output.

Quick Usage

"调研 [topic] 的趋势"

I will:
1. Search HN (developer sentiment)
2. Search Reddit (user opinions)
3. Search GitHub (code trends)
4. Synthesize findings
5. Output actionable report

Platforms I Check

PlatformWhat I GetHow
Hacker NewsTech discussions, voteshn.algolia.com API
RedditUser experiencesweb_fetch search
GitHubStar velocity, forksGitHub API
YouTubeTutorial demandweb_fetch search

Output Format

# [Topic] 趋势报告 (YYYY-MM-DD)

## 🔥 核心发现
[Most important finding across all platforms]

## 平台信号

### Hacker News
- [Finding 1] (points)
- [Finding 2] (points)

### Reddit
- [Finding 1] (upvotes)
- [Finding 2] (upvotes)

### GitHub
- [Repo 1] (stars, trend)
- [Repo 2] (stars, trend)

## 行动建议
1. [Specific action]
2. [Specific action]

## 来源
- [Source 1](url)
- [Source 2](url)

Real Example

Input: "调研 AI agent skill 框架的趋势"

Output:

# AI Agent Skill 框架趋势报告 (2026-04-21)

## 🔥 核心发现
Superpowers (161K⭐) 证明强制工作流是杀手功能。
认知债务预防 (事故+23.5%) 是新兴热点。

## 平台信号

### Hacker News
- Superpowers 3个月161K stars (478 pts)
- 认知债务预防工具受关注 (312 pts)
- Skill激活率仅40%是痛点 (245 pts)

### Reddit
- r/programming: 用户抱怨AI代码事故增加
- r/MachineLearning: 多agent框架讨论热门

### GitHub
- Superpowers: 161K⭐ 📈 Rising
- agent-skills: 18K⭐ 📈 Rising
- cognitive-debt-prevention-kit: 2K⭐ 📈 Rising

## 行动建议
1. 开发强制工作流类skill(参考Superpowers模式)
2. 添加认知债务预防机制(市场痛点)
3. 优化skill触发词(解决40%激活率问题)

## 来源
- https://github.com/eyaltoledano/superpowers
- https://github.com/kesslernity/cognitive-debt-prevention-kit
- https://hn.algolia.com/?q=AI+agent+skill

Trigger Phrases

  • "调研...趋势"
  • "what's trending in..."
  • "market research on..."
  • "什么最火..."
  • "热门..."

Integration

  • EVR Framework — Verify sources before citing
  • Prompt Guard — Treat fetched content as untrusted

Comments

Loading comments...