ClawHub

thought-leader-tracker

v1.0.0

Daily automated collection of podcasts, interviews, and videos from thought leaders across YouTube, Apple Podcasts, and Spotify. Generates Markdown reports w...

0· 65·0 current·0 all-time
by@rickytsao-swordedge
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description align with included files: a Bash CLI and a Node.js collector that query public iTunes (Apple Podcasts) APIs and contain placeholders for YouTube/Spotify integration. No unrelated credentials, binaries, or privileged system paths are requested.
Instruction Scope
SKILL.md and the scripts restrict activity to reading config.json, calling public iTunes endpoints, generating Markdown reports in daily-logs/, and optionally using YouTube/Spotify APIs (not implemented in this copy). The docs mention setting YOUTUBE_API_KEY for production; the code only has commented placeholders for using that key. Minor scope note: the add-person flow in the Bash script prints a JSON entry but does not actually modify config.json — this is a functional issue rather than malicious scope creep.
Install Mechanism
There is no install specification that downloads or extracts remote archives; the skill is instruction+source only. Included files are local and do not pull arbitrary external code at install time.
Credentials
The skill does not require environment variables by default. SKILL.md advises configuring YOUTUBE_API_KEY and Spotify OAuth for full functionality — these are proportionate and expected for those integrations. No unrelated secrets are requested.
Persistence & Privilege
always is false, autonomous invocation is the platform default, and the skill does not modify other skills or global agent settings. It writes reports only into its own daily-logs/ directory (no system-wide changes).
Assessment
This skill appears coherent with its stated purpose. Before installing: (1) Note that full YouTube/Spotify support in production will require you to supply API credentials — only provide those to this skill if you intend to enable those integrations and you trust the skill; check any future changes that add network endpoints. (2) The skill writes scraped results into ~/.openclaw/skills/thought-leader-tracker/daily-logs/, so consider whether that data (reports) should be stored on the host or handled elsewhere. (3) It requires Node.js to run; optionally jq improves CLI output. (4) The add-person flow in the provided bash script does not persist entries automatically — edit config.json directly for reliable configuration. (5) If you plan to run it on a schedule, add the cron entry yourself rather than granting it always-on privileges.

Like a lobster shell, security has layers — review code before you run it.

latestvk976g33d16w470snzf59gy65nx83ppaz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments