Meme Collector 热梗收集器
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears to do what it claims—collect memes and add them to Dify—but it needs Dify write credentials and stores web-sourced content persistently.
This skill is coherent and not showing hidden malicious behavior in the provided artifacts. Before using it, make sure you are comfortable giving it a Dify API key with write access, use a trusted proxy only, and review the generated meme entries if the Dify knowledge base is used in production or customer-facing workflows.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using the skill must provide credentials that can access or modify the target Dify dataset.
The skill needs a Dify API key and dataset identifier to operate, giving it delegated access to a user-controlled Dify knowledge base.
`DATASET_ID` | Dify 知识库 ID ... `API_KEY` | Dify API Key ... 如果用户未提供,询问。
Use a least-privileged Dify key limited to the intended dataset, provide it only when needed, and use only a trusted proxy if one is configured.
Running the batch step can change the contents of the Dify knowledge base and affect future applications that rely on it.
The helper script performs authenticated API calls that create documents in the Dify dataset; this is expected for the skill but is still a real external mutation.
url = f"{BASE_URL}/datasets/{dataset_id}/document/create_by_text" ... resp = session.post(url, headers=headers, json=payload, timeout=30)Review the generated meme JSON before upload when quality matters, and consider testing in a separate dataset or keeping backups.
Incorrect, manipulated, or low-quality web content could be stored and later influence Dify responses or downstream agents.
The skill takes information from public web pages and persists it into a knowledge base that may be reused later.
用 `web_search` 搜索最新热梗 ... 用 `web_fetch` 抓取搜索结果中的盘点文章 ... 将去重后的新梗构造为 JSON 数组,用脚本批量写入
Keep source provenance where possible, avoid copying instructions from fetched pages, and review uncertain entries before committing them.