Trend
v2.0.1Track trending topics with popularity, sentiment, and alerts. Use when drafting reports, optimizing keywords, scheduling checks, tagging hashtags.
⭐ 0· 349·3 current·3 all-time
bybytesagain4@xueyetianya
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description promise (tracking trending topics, content drafting/optimization, scheduling, exports) align with the included shell script and SKILL.md: commands create and read timestamped log files under ~/.local/share/trend. No unrelated credentials, binaries, or cloud access are requested.
Instruction Scope
SKILL.md and the script limit actions to local file reads/writes, simple text searches, stats and exports. Minor implementation issues: exported JSON is assembled by simple printf without escaping user values (could produce invalid JSON or inject quote characters into output), and search uses grep with an unescaped user term (may be interpreted as a regex or option). These are implementation bugs/vulnerabilities but do not indicate misaligned purpose.
Install Mechanism
There is no install spec (instruction-only), which is low risk. The repository includes a scripts/script.sh that implements the commands; presence of the script is expected given the described CLI. No downloads or external installers are used.
Credentials
The skill declares and requires no environment variables, credentials, or config paths. The script only uses $HOME to place files in ~/.local/share/trend, which is proportional to a local diary/logging tool.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide configs. It writes only to its own data directory under the user's home, which matches the stated behavior.
Assessment
This skill appears coherent: it records and reads plain-text log entries under ~/.local/share/trend and provides local exports. Before installing, note that logs and exports are not escaped or encrypted (sensitive content will be stored in cleartext). Exported JSON may be malformed if entries contain quotes/newlines. Search terms are passed straight to grep (may be treated as regex/options). If you will store sensitive data, avoid using this tool or sanitize/encrypt logs; otherwise it's safe for local note-taking. If you want stricter behavior, review the complete script for the truncated portion and consider requesting fixes for JSON escaping and safer handling of user input.Like a lobster shell, security has layers — review code before you run it.
latestvk97b5bfm77e0ca24vsxwbfsp9983589p
License
MIT-0
Free to use, modify, and redistribute. No attribution required.