ClawHub

public-opinion-report

v0.0.5

调用Midu-Public-Opinion-Report接口,生成一篇舆情分析报告。支持的报告类型:事件专报、话题报告、行业报告、活动报告、周期性报告、直报点上报快评、直报点上报综述、直报点热点报送、品牌传播洞察报告、城市对标分析报告、城市传播影响力报告、区域网络信息报告、公共政策网络舆情报告。Call the...

0· 54·0 current·0 all-time
by@bitallin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description, required binary (python3), and the single required env var (MIDU_API_KEY) align with a skill that calls a service API to generate reports. The script posts to /api/chat and returns the 'result' field, which matches the stated functionality.
Instruction Scope
SKILL.md and the script instruct the agent to call an internal API host (http://intra-znjs-yqt-agent-wx-beta.midu.cc) and, if MIDU_API_KEY is not set, to GET /apiKey on that host to obtain a key. The README also instructs users to edit ~/.openclaw/openclaw.json and restart OpenClaw. These actions are within scope for obtaining and using an API key, but they cause the skill to make network requests to a hardcoded intranet URL and to require users to modify local OpenClaw config — verify you trust the host and are comfortable modifying config.
Install Mechanism
No install spec; this is instruction-only with a small Python script. Nothing is downloaded or extracted by an installation step, which minimizes installation risk.
Credentials
Only MIDU_API_KEY is declared as required (primary credential) which is proportionate. However, the script will attempt to retrieve an API key from the hardcoded intranet /apiKey endpoint if MIDU_API_KEY is not present — ensure you understand and trust that retrieval flow before relying on the skill.
Persistence & Privilege
Skill is not always-enabled and does not modify other skills. It asks users to add the API key to their OpenClaw config (a user action) which is normal; the skill itself does not request permanent elevated privileges.
Assessment
This skill appears to do what it claims: call a Midu internal API to produce reports and requires a MIDU_API_KEY. Before installing, confirm you trust the hardcoded host (http://intra-znjs-yqt-agent-wx-beta.midu.cc). Note it uses plain HTTP (not HTTPS) to fetch an API key if MIDU_API_KEY is not set — that could expose the key in transit. To minimize risk, set MIDU_API_KEY manually in your environment or OpenClaw config rather than relying on the script's automatic GET, inspect the script yourself, and only store the key if you trust the service and network. If you cannot verify the intranet host or need encrypted transport, do not install or run this skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk976k63mj0800zw2wq4j97r7y9843yeq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📋 Clawdis
Binspython3
EnvMIDU_API_KEY
Primary envMIDU_API_KEY

Comments