Google Reviews Pain Detector
v1.0.0Scrapes Google reviews for businesses to identify pain words related to missed calls and poor phone coverage, scoring lead quality for AI receptionist sales.
⭐ 0· 210·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
Name/description (detect pain words in reviews) match the code's behavior (scrapes Google/Yelp/Maps and searches review sites). However the script depends on a local 'scrapling' virtualenv at an absolute user path and reads/writes a master lead list at a hardcoded path (/Users/wlc-studio/...). Those local path dependencies are not declared in the skill metadata (requires.env/config paths = none) and are specific to the pack author's environment.
Instruction Scope
SKILL.md instructs scanning single businesses or the full master list and saving HOT leads. The runtime instructions + code will perform headless stealth scraping of Google Search and Google Maps (via StealthyFetcher with cloudflare solving), follow external review links, and (per SKILL.md/flags) can append back to the MASTER_LEAD_LIST. That gives the skill the ability to perform bulk scraping and to read/modify a local lead file — behavior not emphasized in the metadata and potentially unexpected by users.
Install Mechanism
No install spec (instruction-only) which reduces installer risk. But the script forcibly boots a site-packages path for a local virtualenv (/Users/wlc-studio/…/scrapling/.venv/lib/python3.14/site-packages) and will exit if it can't import Scrapling. The lack of an explicit dependency declaration or a standard install step is a usability and coherence issue (the skill relies on an out-of-band local package).
Credentials
Metadata declares no required env vars or config paths, yet the code uses hardcoded filesystem locations (SCRAPLING_VENV_SITE and MASTER_LEAD_LIST) and will read and (per SKILL.md) append to that master lead list. This is a mismatch: the skill silently requires access to specific local files and directories which grant access to potentially sensitive lead data.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. It does not attempt to modify other skills or system-wide configurations in the visible code. Its principal effect on the system is reading/parsing and potentially appending to the MASTER_LEAD_LIST file.
What to consider before installing
This skill appears to implement the advertised scraping and pain-word detection, but it is not self-contained: it expects a local 'scrapling' virtualenv at a hardcoded absolute path and accesses a hardcoded MASTER_LEAD_LIST file in /Users/wlc-studio/. Before installing or running: (1) Verify the scrapling dependency exists and inspect that code (StealthyFetcher can run a headless browser and bypass protections). (2) Back up the MASTER_LEAD_LIST file and confirm you want this skill to read/modify it; the metadata does not declare this required path. (3) Review the rest of detector.py (saving logic) for any network callbacks or hidden uploads (the provided file was truncated). (4) Consider running the script in a sandboxed or isolated environment to avoid large-scale scraping or unintended modifications. (5) Be aware scraping Google/Maps/Yelp may violate terms of service or trigger rate-limiting; if you only need one-off lookups, run per-business rather than --list to reduce blast radius.Like a lobster shell, security has layers — review code before you run it.
latestvk97bk7svrxwat6gdzs77qfwws582bvqz
License
MIT-0
Free to use, modify, and redistribute. No attribution required.