ClawHub

Social Media Monitor

v1.0.0

社交媒体舆情分析工具 - 品牌方/电商卖家/运营人员的平价舆情监控助手,支持关键词监测、负面预警、声量趋势分析

0· 139·1 current·1 all-time
by@crystaria
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (social media monitoring, keyword tracking, sentiment, reports) match the shipped code and data files. Declared requirement (node) and dependencies (sentiment, keyword-extractor, @modelcontextprotocol/sdk) are appropriate for the stated functionality.
Instruction Scope
SKILL.md instructs running npm start and mcporter calls; server.js only reads/writes files inside the skill directory (data/*.csv, data/*.json, reports/) and performs local analysis. The README and SKILL.md explicitly state no network crawling and local processing, which the code follows.
Install Mechanism
No custom install script is provided; normal npm install is expected. package-lock shows dependencies pulled from an npm mirror (registry.npmmirror.com) and a moderate dependency tree via @modelcontextprotocol/sdk. This is typical but you may want to inspect transitive dependencies or run npm audit before installation.
Credentials
The skill requires no environment variables, no credentials, and no config paths beyond its own data/ and reports/ directories — proportional to its purpose.
Persistence & Privilege
always is false and the skill is user-invocable. It runs as an MCP server over stdio (expected for an OpenClaw skill). It does not attempt to modify other skills or system-wide configuration; it writes only to a reports/ folder inside the skill directory.
Assessment
This package appears coherent and implements local CSV-based analysis. Before installing: (1) review package-lock and run `npm audit` to check transitive vulnerabilities, (2) run the skill in an isolated/sandboxed environment (or with network blocked) to confirm no unexpected outbound behavior, (3) inspect any CSVs you load for sensitive data (PII) because reports are written locally to reports/, and (4) if you require stricter assurance, search the dependency tree for network-capable libraries and review @modelcontextprotocol/sdk usage. If you want extra safety, run npm install & start on a disposable VM or container first.

Like a lobster shell, security has layers — review code before you run it.

brand-monitoringvk9722gw1smwghp9xva7bvwk7bd832jvhecommercevk9722gw1smwghp9xva7bvwk7bd832jvhlatestvk9722gw1smwghp9xva7bvwk7bd832jvhmarketingvk9722gw1smwghp9xva7bvwk7bd832jvhoperationsvk9722gw1smwghp9xva7bvwk7bd832jvhprvk9722gw1smwghp9xva7bvwk7bd832jvhsentiment-analysisvk9722gw1smwghp9xva7bvwk7bd832jvhsocial-mediavk9722gw1smwghp9xva7bvwk7bd832jvhxiaohongshuvk9722gw1smwghp9xva7bvwk7bd832jvh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📊 Clawdis
Binsnode

Comments