Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Linguistic Landscape Analyzer

v1.0.1

Linguistic landscape analysis MCP tool - Xiaohongshu sentiment analysis and keyword extraction, supporting linguistics/sociology research

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (language-sentiment/keyword extraction for Xiaohongshu research) matches the code and SKILL.md. The only required binary is Node.js and the package.json dependencies (MCP SDK, sentiment, keyword-extractor, zod) are appropriate for the stated functionality.
Instruction Scope
SKILL.md and server.js explicitly operate on local CSV data (data/sample.csv or data/notes.csv) and write reports under the skill directory (reports/). The docs repeatedly state no network crawling in this version. A minor note: other documentation files (01-技术方案.md, delivery report) reference external workspace paths (e.g., /home/admin/.openclaw/...) and possible future web-scraping/cron plans — those are not implemented in the code but should be watched for in future releases.
Install Mechanism
This registry entry has no install spec; SKILL.md contains an npm install suggestion. There is no remote download or extract step; dependency installation is standard npm. No high-risk install URLs or archive extraction were observed.
Credentials
The skill declares no required environment variables or credentials and the code does not access secrets or environment variables beyond file-system paths relative to the project directory. Requested permissions are proportionate to the task.
Persistence & Privilege
always is false and the skill does not request system-wide configuration changes. It writes reports into its own 'reports/' folder and otherwise operates within its project directory. The test script spawns a local Node process to run the MCP server (expected for this platform).
Assessment
This skill appears internally consistent and limited to local CSV processing. Before installing: (1) confirm you are comfortable with it writing reports under the skill directory (reports/), (2) review or replace sample.csv with only data you expect it to read, (3) run the included test (npm test) in an isolated environment if you want to observe behavior, and (4) be cautious when upgrading — repository notes mention potential future web scraping or third-party API integration which would expand network access and may require credentials. If you need absolute assurance, inspect src/server.js and the test script locally (they are small and readable) before enabling the skill in production.
src/test/full-test.js:22
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

Tags: latest, linguistics, mcp, research, sentiment-analysis, social-media

Runtime requirements

📊 Clawdis
Bins: node