CN Trends Aggregator
v1.0.0中文+全球热榜聚合器。一键获取百度热榜、今日头条、V2EX、Hacker News、GitHub 热门新项目。Use when: user asks about trending topics, hot searches, what's popular, today's hot news, tech trends...
⭐ 0· 519·3 current·3 all-time
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (aggregating Baidu, Toutiao, V2EX, Hacker News, GitHub trends) align with the provided Python script which implements fetchers for those sites. One inconsistency: the script uses the curl command-line tool (via subprocess) to perform HTTP requests, but the skill metadata declares no required binaries.
Instruction Scope
SKILL.md only instructs running the included Python script with optional flags (sources, limit, format, proxy). The runtime instructions match the script's behavior and do not ask the agent to read unrelated files, access hidden endpoints, or exfiltrate secrets. Network calls are expected for the stated functionality.
Install Mechanism
There is no install spec (instruction-only skill + bundled script), so nothing is downloaded or written during install. This is the lower-risk model and consistent with the skill's purpose.
Credentials
The skill requires no credentials or environment variables and the script does not read secrets. Note: it calls the public GitHub Search API unauthenticated (subject to rate limits) and supports an arbitrary --proxy value; supplying an untrusted proxy could expose fetched traffic to that proxy.
Persistence & Privilege
The skill is not marked always:true and does not request elevated or persistent system privileges. Autonomous invocation is allowed by default (platform normal) but there is no evidence the skill abuses that.
Assessment
This skill appears to do exactly what it claims: fetch trending items from the listed sources and format them. Before installing or running it: (1) be aware the included Python script uses the curl binary via subprocess — ensure curl is available or update the metadata to declare it; (2) the script makes network requests to public APIs/pages (Hacker News, GitHub, V2EX, Baidu, Toutiao); don't pass an untrusted proxy URL since that proxy would see the requests and responses; (3) GitHub calls are unauthenticated and may be rate-limited — if you expect heavy use, consider adding a token and updating the code/metadata; (4) review the script yourself if you have any concern about outbound network access. If you want a small improvement: replace curl subprocess calls with Python HTTP (requests/urllib) or update the skill metadata to list curl as a required binary.Like a lobster shell, security has layers — review code before you run it.
aggregatorbaidugithubhackernewshotlatestnewstrendingtrendsv2ex
CN Hot Trends — 中文+全球热榜聚合
Quick Start
python3 scripts/fetch_trends.py --proxy http://127.0.0.1:7897 --format markdown
Data Sources
| Source | ID | Content | Auth |
|---|---|---|---|
| 百度热榜 | baidu | 实时热搜,7M+ 热度值 | No |
| 今日头条 | toutiao | 头条热榜 | No |
| V2EX | v2ex | 技术社区热帖 + 回复数 | No |
| Hacker News | hn | 全球科技热帖 + 分数 | No |
| GitHub | github | 近 7 天热门新项目 | No |
Usage
# All sources, markdown output
python3 scripts/fetch_trends.py --format markdown
# Specific sources, JSON output
python3 scripts/fetch_trends.py --sources baidu,v2ex --format json --limit 5
# With proxy (needed for V2EX, HN, GitHub)
python3 scripts/fetch_trends.py --proxy http://127.0.0.1:7897
# Plain text
python3 scripts/fetch_trends.py --format text --limit 10
Options
| Flag | Default | Description |
|---|---|---|
--sources | baidu,toutiao,v2ex,hn,github | Comma-separated source IDs |
--limit | 10 | Items per source |
--format | json | Output: json, text, markdown |
--proxy | none | HTTP proxy URL |
Output Formats
- json: Structured data, good for further processing
- text: Human-readable plain text
- markdown: Formatted tables, good for chat/email output
Tips
- Baidu and Toutiao work without proxy; V2EX/HN/GitHub need proxy in some regions
- Combine with AI analysis: fetch trends → summarize → identify patterns
- Use
--sources githubto discover trending open-source projects - Pair with cron for daily automated briefings
Comments
Loading comments...