ClawHub

输入关键词,自动扫描全网用户痛点,生成PRD并输出OpenClaw标准任务JSON。

v1.0.3

Search web for user pain points and output a PRD JSON.

0· 86·0 current·0 all-time
bySocialite UCL LJH@lijinhongucl-pixel
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description (search web for pain points and produce PRD JSON) matches what the script and SKILL.md require: python3 and outbound requests to Brave Search and Hacker News (Algolia). Optional environment variables (BRAVE_API_KEY, BAIDU_API_KEY) are appropriate for search integrations. Minor note: BAIDU_API_KEY is declared in metadata/SKILL.md, but the visible portion of scripts/search.py implements Brave and Hacker News searches; if Baidu support is important, verify the full script includes it.
Instruction Scope
SKILL.md instructs the agent to run the included CLI script and return only the final JSON; the script's behavior (query external search APIs, extract snippets, synthesize product name/user stories/features/tasks) stays within that scope. It does not instruct reading unrelated system files or harvesting other credentials. Note: the skill will send the user's keywords to external services (declared in the doc) and the SKILL.md supports scheduling via cron — scheduled runs will repeatedly send whatever keywords are in the payload, so treat keywords as potentially exfiltrated data.
Install Mechanism
No install spec; this is an instruction-only skill with a bundled Python script. Nothing is downloaded during install and no archives are extracted. The only runtime requirement is python3, which is appropriate for a Python script.
Credentials
No required credentials are declared. The only optional environment variables are BRAVE_API_KEY and BAIDU_API_KEY, which are proportional and relevant to the stated purpose. The skill does not request unrelated secrets or system config paths.
Persistence & Privilege
The skill is not configured always:true and does not request elevated or cross-skill configuration changes. disable-model-invocation is false (normal). Cron integration is documented (for scheduled runs) — this is expected functionality but means keywords may be sent automatically when scheduled.
Assessment
This skill appears coherent and implements what it claims, but take the following precautions before enabling it: 1) Do not enter sensitive or confidential keywords — the skill sends keywords to external search APIs (Brave, Hacker News, and possibly Baidu). 2) Store any API keys (BRAVE_API_KEY/BAIDU_API_KEY) in a secure secrets store, not in plain environment variables where possible. 3) Review the full scripts/search.py file to confirm Baidu support (SKILL.md declares BAIDU_API_KEY but the visible snippet only shows Brave and Hacker News usage). 4) If you enable the cron integration, audit scheduled payloads so you do not accidentally leak repeated keywords. 5) Run the script in an isolated environment or sandbox first to observe outbound network targets and returned sources, and verify the sources/quotes included in outputs before trusting them in production.

Like a lobster shell, security has layers — review code before you run it.

latestvk9720g7w64xr69zz824ackya2184d1je

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔍 Clawdis
Binspython3
Environment variables
BRAVE_API_KEYoptionalBrave Search API key for real-time web search
BAIDU_API_KEYoptionalBaidu Search API key for Chinese content search

Comments