GitHub每日热榜前十项目名称和简介获取
PassAudited by ClawScan on May 7, 2026.
Overview
This skill appears to do what it says: run a small local script that fetches GitHub trending projects and formats them for Chinese translation.
This skill looks safe for its stated purpose. Before installing, note that it runs a local Python script and reaches out to GitHub over HTTPS; it also assumes Python packages like requests and bs4 are available even though they are not declared in the metadata.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill runs a Python file from the skill directory on the user's machine or agent environment.
The skill explicitly tells the agent to execute an included Python script. This is purpose-aligned and narrowly scoped, but it is still local code execution users should notice.
cd github-trending && python github-trending.py
Only install/run it if you are comfortable executing the included script; the provided script appears limited to fetching and printing GitHub trending data.
The skill may fail unless these packages are already installed, or the user may need to install them separately.
The script imports third-party Python packages, while the metadata/install information does not declare runtime dependencies or pinned versions. This is not malicious, but it is an under-declared dependency/provenance detail.
import requests from bs4 import BeautifulSoup
Review or install dependencies from trusted sources, and consider adding explicit dependency declarations if packaging this skill.