ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

geo-quickhook

GEO售前快速钩子。输入客户品牌+5-8个头部竞品+1-2个签约词,5引擎并行采集,输出一张对比卡:客户排名末尾红色高亮,竞品头部绿色领先,一眼制造焦虑触发签约。触发词:"售前钩子"、"快速分析"、"给销售出个报告"、"geo-quick-hook"、"客户现在多差"、"信源分析"、"竞品信源对比"。

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 32 · 0 current installs · 0 all-time installs
by@hanwenyolo-dot
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to query multiple AI 'engines' and produce a competitive HTML card — the included Python script implements that flow and requires an LLM API (LLM_API_KEY/LLM_BASE_URL/LLM_MODEL), which is consistent with the stated purpose. However, the skill metadata declares no required environment variables while SKILL.md and the script clearly require an LLM API key and related vars.
!
Instruction Scope
SKILL.md instructs spawning a sub-agent to run a local Python script, launching a local HTTP server, reading ~/Desktop for the generated HTML, opening it in a browser, taking screenshots, and sending images to Feishu. These steps involve local process control (pkill), file-system assumptions (Desktop path), and external messaging that are broader than a simple API query flow and are not fully justified or documented (e.g., no Feishu credentials declared).
Install Mechanism
There is no install spec (instruction-only), so nothing will be written automatically — lower install risk. However the code imports the OpenAI client (openai.OpenAI) but the skill does not declare Python package dependencies or provide an install step; users must manually install Python dependencies (e.g., openai package).
!
Credentials
The runtime explicitly requires LLM_API_KEY, LLM_BASE_URL, and LLM_MODEL, but the skill metadata lists no required env vars. The SKILL.md also expects Feishu messaging (a target open-id) but does not declare any Feishu credentials or how those are supplied. The LLM key will be reused for all 'engines' unless the user configures an ENGINE_MAP, which may be unexpected.
Persistence & Privilege
always:false and no special platform privileges are requested. The skill asks the agent to spawn a sub-agent and to use browser/file actions to post a screenshot to Feishu — this is normal for a user-triggered tool but increases the blast radius if used with real credentials. The skill does not request permanent/always-on installation.
What to consider before installing
This skill implements the advertised pre-sales report, but there are some mismatches and missing declarations you should address before running it: - The SKILL.md and script require LLM_API_KEY, LLM_BASE_URL, and LLM_MODEL, but the package metadata lists no required environment variables — set these yourself only in a safe/testing environment and confirm where they are stored. - The Python script uses the OpenAI client; install and audit Python dependencies (e.g., pip install openai) before running. - SKILL.md assumes the generated HTML will be on ~/Desktop and runs a local http.server plus pkill and browser/screenshot actions. Verify the script's output location and consider running it in an isolated directory or sandbox to avoid accidental exposure of other files. - The Feishu send step uses a placeholder open-id (YOUR_FEISHU_OPEN_ID) and expects the agent/platform to have Feishu messaging configured — confirm what credentials are used and where they are stored before enabling send actions. - Because the script reuses the same LLM API key across multiple 'engines', be aware this concentrates access to a single credential; if you expect per-engine keys, configure ENGINE_MAP explicitly. Recommended actions: review the full quick_hook.py (complete file), install dependencies in a virtualenv, run locally on non-production credentials first, and request that the author update the skill metadata to declare required env vars and dependencies to remove ambiguity.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
ai-seovk97838c36k939ssc8pqp4qwjan831xh4brand-visibilityvk97838c36k939ssc8pqp4qwjan831xh4geovk97838c36k939ssc8pqp4qwjan831xh4latestvk97838c36k939ssc8pqp4qwjan831xh4presalesvk97838c36k939ssc8pqp4qwjan831xh4salesvk97838c36k939ssc8pqp4qwjan831xh4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

GEO Pre-Sales Quick Hook

📌 Skill Overview

Pre-Sales Quick Hook is the first step in the GEO product sales pipeline, designed specifically for sales scenarios:

Sales rep has a target client + 1-2 target keywords → Quickly generate a competitive comparison card → Show the client how far behind they are → Create urgency → Trigger sign-up

Relationship with other tools:

  • geo-quick-hook (this tool) = Pre-sales hook (create urgency, trigger sign-up intent)
  • geo-brand-extractor = Pre-sales keyword selection (determine which keywords to target)
  • geo-visibility-tracker = Post-sign-up baseline (full 48 questions, establish comparison starting point)
  • geo-after-sale = Post-sale delivery (monthly progress reports)

Core visual: Competitive ranking chart with the client at the bottom, highlighted in red ⚠️ — instantly devastating.

Report naming convention: GEO_QuickHook_[BrandName]_5engines_[YYYYMMDD].html

🚀 Execution Flow (Three Questions + Sub-Agent Execution)

Rule: After all three questions are confirmed, you must spawn a sub-agent to execute — the Main Brain does not run scripts directly.

Step 1: First Question

Got it, launching pre-sales hook analysis! 🎯

① What is the target client's brand name?

⏸️ Wait for answer

Step 2: Second Question

Got it! ② Who are the competitors? We recommend 5-8 top industry names.
(The bigger the competitors, the more impactful the contrast!)

⏸️ Wait for answer

Step 3: Third Question

③ What are the target keywords? 1-2 is ideal — focus the firepower.
(These are the keywords the sales rep is pitching to this client.)

⏸️ Wait for answer, then spawn sub-agent to execute

Step 4: Spawn Sub-Agent

Sub-agent execution command:

python3 <skill_dir>/scripts/quick_hook.py \
  --brand "[BrandName]" \
  --competitors "[Comp1,Comp2,Comp3...]" \
  --keywords "[keyword1,keyword2]"

Environment variables must be set in advance:

export LLM_API_KEY="your-api-key-here"
export LLM_BASE_URL="https://api.openai.com/v1"
export LLM_MODEL="gpt-4o"

After the report is generated, screenshot and send via Feishu (html-to-feishu standard flow):

HTML_FILE=$(ls -t ~/Desktop/GEO_QuickHook_*.html | head -1)
ENCODED=$(python3 -c "import urllib.parse,os; print(urllib.parse.quote(os.path.basename('$HTML_FILE')))")
pkill -f "http.server 18899" 2>/dev/null
python3 -m http.server 18899 --directory ~/Desktop &
SERVER_PID=$!
for i in 1 2 3 4 5; do
  STATUS=$(curl -s -o /dev/null -w "%{http_code}" "http://localhost:18899/" 2>/dev/null)
  if [ "$STATUS" = "200" ]; then break; fi
  sleep 1
done
browser(action="open", profile="openclaw", url="http://localhost:18899/$ENCODED") → targetId
browser(action="screenshot", profile="openclaw", targetId=targetId, fullPage=True, type="jpeg") → img_path
local_path = img_path.replace("MEDIA:", "")  # strip prefix to get local path
message(action="send", channel="feishu", target="user:YOUR_FEISHU_OPEN_ID",
        message="⚡ [BrandName] Pre-Sales Hook Report — Competitive ranking at a glance!")
message(action="send", channel="feishu", target="user:YOUR_FEISHU_OPEN_ID",
        media=local_path)
kill $SERVER_PID 2>/dev/null

📊 Output Description

ModuleContent
CoverBrand name + 5 engines + date
Comparison card (per keyword)Brand × engine matrix + combined average bar chart + fatal conclusion
Citation comparison rowWhether competitors appear as citations (✅ cited / - listed only) + citation warning text
Bottom hook"Want to learn how to change this?" (fixed copy)

🔧 Technical Details

Script path: skills/geo-quick-hook/scripts/quick_hook.py

5 engines: Qwen / Doubao / DeepSeek / Kimi / Ernie (parallel collection)

Note: In the open-source version, all engines share the same LLM_API_KEY / LLM_BASE_URL / LLM_MODEL environment variables. To connect each engine to its own independent API, configure separate environment variables in ENGINE_MAP.

Usage example:

export LLM_API_KEY="sk-xxxx"
export LLM_BASE_URL="https://api.openai.com/v1"
export LLM_MODEL="gpt-4o"

python3 quick_hook.py \
  --brand "Brand X" \
  --competitors "CompA,CompB,CompC,CompD,CompE" \
  --keywords "keyword1,keyword2"

Files

3 total
Select a file
Select a file to preview.

Comments

Loading comments…