Zhihu Hot CN
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill appears to fetch public Zhihu trending-topic data from GitHub and does not show credential use, destructive actions, or hidden high-impact behavior.
This looks safe for viewing public Zhihu hot-list data. Be aware that it relies on a third-party GitHub data source and that the documented trend-analysis helper scripts are not included in the reviewed files.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The results can change based on the third-party repository content, but the artifact does not show code execution from that source.
The script depends on live content from a third-party GitHub repository at runtime. This is disclosed and purpose-aligned for a hot-list skill, but users should understand the output reflects an external public source.
DATA_URL="https://raw.githubusercontent.com/towelong/zhihu-hot-questions/main/README.md" RAW_DATA=$(curl -s "$DATA_URL" 2>/dev/null)
Treat fetched hot-list content as external information and verify important results against Zhihu or the source repository if accuracy matters.
Some documented trend-analysis commands may fail or require files that are not included with this skill.
The documentation references helper scripts for trend analysis that are not included in the provided file manifest, which is a completeness/provenance gap rather than evidence of malicious behavior.
./scripts/compare-trends.sh ./scripts/find-persistent.sh --days 3
Use the included get-hot.sh script as the reviewed functionality, and avoid running any missing helper scripts unless their source is separately provided and reviewed.