ClawHub

Keyword Research

v1.0.0

Multi-source keyword intelligence and autocomplete research. Fetches real-time suggestions from Google, YouTube, Amazon, and DuckDuckGo — no API key required...

0· 57·0 current·0 all-time
by@brasco05
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description promise (multi-source autocomplete suggestions) matches the provided SKILL.md and the script. The script queries Google, YouTube, Amazon, DuckDuckGo and Bing suggestion endpoints — exactly the advertised sources. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
SKILL.md instructs running the included Python script with flags. It does not instruct the agent to read arbitrary local files or hidden credentials. The runtime behavior (HTTP requests to public suggestion APIs, optional expand/dedup/output modes) is within the stated scope. Note: running the script transmits whatever seed keyword you provide to third-party suggestion endpoints (privacy consideration).
Install Mechanism
No install spec; this is instruction + included Python script that uses only the standard library. No downloads from external URLs or package registries occur during install. Risk from installation is low.
Credentials
The skill requests no environment variables or credentials (proportionate). However, it sends user-supplied keywords over the network to multiple third-party endpoints — avoid submitting sensitive data as input. There is no hidden credential access.
Persistence & Privilege
always:false and default agent invocation are used. The skill does not request persistent installation, modify other skills, or write agent/system-wide config. It will only run when invoked.
Assessment
This skill appears to be what it claims: a small Python script that queries public autocomplete endpoints. Before using it: (1) review the included scripts/fetch_suggestions.py yourself (it is short and uses only the stdlib), (2) do not pass any sensitive or private strings as the seed keyword — those values are sent to third-party services, (3) run it locally in an environment you control (or sandbox) if you have concerns, (4) be aware of provider rate limits, possible captchas or blocking if you run large batches, and potential Terms-of-Service issues for scraping autocomplete endpoints, and (5) if you plan to automate via an agent, remember that the agent will send whatever keywords it queries to those external endpoints; restrict autonomous runs accordingly.

Like a lobster shell, security has layers — review code before you run it.

latestvk97100gb0aha7sy6x1244fekjd83x615

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments