国内需求挖掘
PassAudited by ClawScan on May 1, 2026.
Overview
This skill is coherently aimed at public-platform demand research, but users should review its large-scale scraping and handling of quoted user comments before use.
This appears safe to install as a purpose-aligned research skill, but use it carefully: confirm exactly which platforms and time ranges will be collected, ensure the collection method is allowed, review any bundled scripts before running them, and check generated reports for raw quotes, usernames, timestamps, or links before sharing.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may gather thousands of public comments or reviews for a requested topic, which can create platform compliance and data-handling obligations.
The skill explicitly directs large-scale collection from public platforms. This is central to its demand-research purpose, but users should ensure collection is authorized, scoped, and compliant with platform rules.
原始数据抓取量:至少 3000-5000条;清洗后有效数据:至少 2000条
Confirm the target, platforms, time range, and collection method before use; prefer allowed APIs or permitted public access, apply rate limits, and avoid collecting more data than needed.
Reports or stored datasets could include public users' words and metadata, which may be sensitive when aggregated or quoted.
The data schema stores user-generated comment text with author and timestamp fields. This is expected for research, but it means reports or intermediate data may contain identifiable or re-identifiable public user content.
"content": "string", "author": "string", "timestamp": "string (ISO 8601)", "likes": "number"
Anonymize author identifiers, minimize links and timestamps where possible, avoid unnecessary retention of raw comments, and treat all scraped comments as untrusted data during analysis.
A user may over-trust the report's privacy statement and share a report that still contains identifiable source context.
The report template states that all data is desensitized, while other artifacts show the workflow may preserve original quotes, platform, time, likes, and source links. This may be true if the implementation redacts properly, but users should not assume anonymization without checking the generated report.
所有数据均已进行脱敏处理
Review generated reports for raw quotes, author names, links, timestamps, and other identifying details before sharing outside the intended audience.
If a user or agent chooses to run the bundled scripts, they are relying on code that is not described by an install specification or declared runtime requirements.
The registry/install metadata presents the skill as instruction-only, but the package includes multiple helper scripts. Their names align with the stated scraping/reporting purpose and no auto-run behavior is evidenced, but users should review code before executing it.
No install spec — this is an instruction-only skill; Code file presence: 11 code file(s): scripts/fetch_weibo.py, scripts/fetch_xiaohongshu.py, scripts/fetch_douyin.py...
Inspect bundled scripts and dependencies before running them, and avoid granting credentials or broad local access unless the code path and data destinations are clear.