ClawHub

jike-seo

v1.0.4

极客增长SEO — 关键词数据平台。跨平台(抖音、小红书、微信)搜索关键词,获取搜索量、竞争度、相关词、下拉词等核心指标。支持快速搜索和深度分析。适用场景:关键词研究、竞争分析、内容优化、平台选择、蓝海词发现、关键词趋势分析、受众分析。当用户提到关键词研究、搜索量分析、竞争度、平台搜索、内容优化、竞品分析、蓝海词...

1· 87·0 current·0 all-time
by@mzoob
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binary (python3), primary credential (JIKE_SEO_API_KEY) and the included script all align: the skill queries a remote keyword-data API and formats results. No unrelated credentials or system-level accesses are requested.
Instruction Scope
SKILL.md strictly instructs using the included Python script and the script itself only reads the JIKE_SEO_API_KEY env var and issues HTTPS GET requests to the service endpoints (/keyword/search, /keyword/detail). It does not instruct reading other system files or sending data to third-party endpoints outside the documented API host.
Install Mechanism
There is no installer or remote download; the skill is instruction-only with a bundled Python script. No archives are fetched or arbitrary code executed at install time.
Credentials
Only a single API key (JIKE_SEO_API_KEY) is required, which is proportionate. Notes: the script's 'check' command prints a partially redacted API key (first 10 and last 4 chars) which could appear in logs/conversation transcripts; all keyword queries are transmitted to the service domain (dso100-related hosts), so sensitive phrases should not be queried if you don't want them sent to the provider.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system settings, and does not persist credentials on disk (scripts/config.json is present but empty). Autonomous invocation is permitted (platform default) but is not combined with elevated privileges here.
Assessment
This skill appears to do what it says: it runs a bundled Python CLI that sends your keyword queries to the provider's API and requires an API key. Before installing: 1) Only provide a JIKE_SEO_API_KEY you trust to this skill — the key will be sent as a bearer token to the service. 2) Avoid querying sensitive or private phrases (they will be transmitted to the remote API). 3) The 'check' command prints a partially redacted API key — that output may appear in logs or conversation history, so avoid running it in shared logs if you need secrecy. 4) Confirm you trust the provider (dso100 / the listed domains) — the script contacts dso-dataserver.dso100.com and the SKILL.md references the service homepage. 5) If you need stronger assurance, review the provider's privacy policy and limit/rotate the API key if it is exposed.

Like a lobster shell, security has layers — review code before you run it.

latestvk971vn2dpf8zka6cqv2ndmb4f183war8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔍 Clawdis
Binspython3
Primary envJIKE_SEO_API_KEY

Comments