微信公众号阅读增长榜
AdvisoryAudited by Static analysis on May 13, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill runs bundled Python code on the agent environment to fetch the ranking.
The normal workflow requires executing the bundled Python script. The reviewed script is purpose-aligned and limited to date parsing, an HTTPS API request, and Markdown rendering, but users should still know local code is run.
python scripts/fetch_growth_rank.py --rankDate "<yesterday|today|YYYY-MM-DD>" --source "公众号阅读增长榜-ClawHub"
Use the documented command path and arguments only, and review the script if operating in a sensitive environment.
The skill relies on a shared embedded API token to access the provider endpoint; no user secrets are requested or exposed by the artifacts.
The script sends a bundled static token to the ranking API. This appears to be a provider/API credential rather than a user credential and is disclosed in the code and API spec.
"N-Token": "2f9f88dbb743423dbf0a8db2977c49eb"
Do not add personal credentials to this skill, and publishers should document and rotate embedded provider tokens as needed.
Users have less external context for who operates the API endpoint or maintains the skill.
The package provenance is limited, while the skill depends on a bundled script and a third-party API endpoint. No malicious install behavior is shown, but verification options are limited.
Source: unknown; Homepage: none
Install only if you trust the publisher and are comfortable with the disclosed external API dependency.
The ranking table may be useful, but the score calculation may not be exactly what the documentation describes.
The documentation's scoring formula does not match the script's implemented min-max interaction scoring, which may affect how users interpret the reported '综合评分指数'.
core_workflow: "综合评分指数」计算公式:8 + 2 × ..."; script: "维度1:总互动量...权重40% ... 维度2:加权互动值...权重60%"
Treat the score as an implementation-specific metric unless the publisher aligns the documentation and code.