ClawHub

Review Sentinel

v1.2.0

Monitor, analyze, and respond to Google reviews for local businesses. Use when asked to check reviews, analyze review trends, draft review responses, generat...

0· 82·0 current·0 all-time
by@rolarenagent-cpu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the code and runtime instructions. The only required credential is GOOGLE_PLACES_API_KEY, which is exactly what the Places API integration needs. The included scripts implement fetching (Places API and scraping fallback), analysis, reporting, and state management — all consistent with the stated purpose.
Instruction Scope
Instructions are scoped to fetching reviews, analyzing them, drafting responses, and storing state in a local skill directory. Note: the fallback scraping and the browser-assisted flow ask the agent to capture page HTML (browser automation); that can include extra page content beyond reviews. The SKILL.md correctly warns about rate limits and human-in-the-loop response posting. Storing reviewer names/text locally (state/*.json, reports/) is expected but has privacy implications.
Install Mechanism
Instruction-only skill with bundled Python scripts and no install spec. The code uses only Python stdlib (urllib, json, re, etc.) — no external downloads or third-party packages. This is low risk from an installation perspective.
Credentials
Only a single credential (GOOGLE_PLACES_API_KEY) is requested, which is proportional. The code also supports reading credentials/google-places-api-key as a local fallback file (documented in SKILL.md). No other secrets, system config paths, or unrelated environment variables are requested or accessed.
Persistence & Privilege
always is false and the skill does not request elevated or platform-wide persistence. It writes state and reports to a local directory (review-sentinel/state, review-sentinel/reports) which is expected behavior for this functionality.
Assessment
This skill is internally consistent, but consider the following before installing: 1) Protect your GOOGLE_PLACES_API_KEY (it is the only credential used); prefer providing it via environment variable rather than a plain-text credentials file. 2) The skill writes review data (author names, review text) and reports to local files — review-sentinel/state/ and reports/ — so treat those files as containing potentially sensitive customer data. 3) The scraping fallback and browser-assisted flow capture full Google Maps HTML; this may include extraneous content and may violate Google’s terms of service — prefer the Places API when possible and respect rate limits. 4) The scripts are standard Python stdlib only, but inspect and run them in a controlled environment (sandbox or container) if you’re concerned. 5) Keep the human-in-the-loop behavior: do not enable any automated posting of replies. If you need higher assurance, ask the publisher for the canonical homepage/repository or a signed release and consider rotating the API key after initial use.

Like a lobster shell, security has layers — review code before you run it.

latestvk979v35kmxjtcg1371x05x8mys84e8z8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvGOOGLE_PLACES_API_KEY
Primary envGOOGLE_PLACES_API_KEY

Comments