ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Gnview Kit

v1.0.1

抖音数据分析工具集,包含视频数据分析、用户画像分析、趋势统计等完整分析能力。适用于抖音数据深度挖掘和报告生成场景。

0· 101·0 current·0 all-time
by@gnview

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for gnview/gnview-kit.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Gnview Kit" (gnview/gnview-kit) from ClawHub.
Skill page: https://clawhub.ai/gnview/gnview-kit
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install gnview-kit

ClawHub CLI

Package manager switcher

npx clawhub@latest install gnview-kit
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (抖音数据分析与飞书写入) align with the SKILL.md workflow (collect, analyze, write to Feishu). However the skill relies on several external '关联技能' (gnview-douyin-video-download, gnview-script-extraction, gnview-api-downloader) that are not included or declared as dependencies in the registry metadata; that makes the actual runtime capability dependent on other (unseen) components.
Instruction Scope
SKILL.md instructs the agent to read the skill-local config.json and to call associated downloader/extraction skills and Feishu APIs; it does not instruct reading unrelated system files. But it delegates network calls and credential handling to other skills (not present), which expands scope implicitly. The doc advises storing API keys in env vars (good practice) but does not enumerate which env vars are required at install time.
Install Mechanism
No install spec and no code files — instruction-only — so nothing is written to disk by an installer. This is lower risk from an install mechanism perspective.
!
Credentials
Registry metadata declares no required env vars, but config.json includes a reference to ARK_API_KEY and a downloader-api base_url; SKILL.md also references needing API keys for Feishu and other services. The skill therefore omits declaring credentials it clearly expects to use. The mismatch between 'no env vars required' and the config.json/README expectations is an incoherence and increases risk (hidden credential requirements).
Persistence & Privilege
The skill is not set to always:true and does not request persistent/system-wide configuration changes in its instructions. It is user-invocable and allows model invocation (the normal default).
What to consider before installing
This skill claims to perform Douyin (抖音) data analysis and write results to Feishu, which is plausible from the README. But it relies on other unnamed/undistributed 'associated skills' and references an ARK_API_KEY in config.json even though the registry lists no required environment variables. Before installing or providing secrets: 1) Ask the publisher for the source code or links to the referenced associated skills (gnview-douyin-video-download, gnview-script-extraction, gnview-api-downloader) so you can inspect what they do and what credentials they need. 2) Do not provide broad credentials (e.g., full Feishu admin keys, AWS keys) until you confirm minimum required scopes; prefer a least-privilege API token for Feishu. 3) Verify what 'ARK_API_KEY' is and who runs that service (its domain/operator) — avoid sending secrets to unknown third parties. 4) Test in a sandbox account (a throwaway Feishu space) before using production data. 5) If you must use it, supply credentials via environment variables or a secrets manager and rotate them after testing. These steps will reduce the risk posed by the undocumented, external dependencies and hidden credential expectations.

Like a lobster shell, security has layers — review code before you run it.

latestvk9744m902kgsaqkchh9e2jcrfs84n9s5
101downloads
0stars
2versions
Updated 2w ago
v1.0.1
MIT-0
@gnview
latest
Download

gnview-kit

功能概述

本技能集为抖音视频数据分析与飞书多维表格同步的完整解决方案,核心能力包括:

  • 抖音视频元数据获取与下载
  • 抖音视频脚本/字幕提取与分析
  • 飞书多维表格数据校验与写入
  • 分析结果云文档关联与同步

核心流程

  1. 环境校验:验证飞书多维表格权限与依赖服务状态
  2. 数据采集:通过关联技能获取抖音视频元数据、下载视频、提取脚本内容
  3. 数据处理:标准化分析结果,生成结构化数据
  4. 同步写入:将处理后的数据写入目标飞书多维表格
  5. 文档关联:生成并关联飞书云文档存储详细分析内容

配置说明

所有配置项均统一存放在技能目录下的config.json文件中,需在使用前完成配置:

配置项路径类型示例值说明
global.bitable.base字符串https://feishu.cn/base/xxx飞书多维表格基础URL
global.bitable.table字符串tblsh3nGcKBMbb4G目标数据表ID
global.download.path字符串./download视频文件下载保存路径
global.download.name字符串$aweme_id.mp4下载文件名模板(支持$aweme_id变量)

关联技能

  • gnview-douyin-video-download
  • gnview-script-extraction
  • gnview-api-downloader

数据字段规范

写入多维表格的标准字段如下:

字段名称字段类型示例值说明
视频原链接文本https://www.douyin.com/video/7615937081646272185原始抖音视频地址
视频ID文本7615937081646272185抖音视频唯一标识
抖音号文本unique_id(抖音号)视频发布者抖音号
发布时间日期1712345678000视频发布时间戳
视频标题文本抖音视频分析教程视频标题内容
下载链接超链接http://xxx/api/download?url=https://www.douyin.com/video/7615937081646272185带下载前缀的视频地址
分析文档链接超链接https://feishu.cn/docx/[doc_id]存储详细分析结果的飞书文档

注意事项

  1. 确保目标飞书多维表格已配置正确的写入权限
  2. 依赖的关联技能(gnview-api-downloader)需提前完成配置
  3. 所有API调用需遵守抖音开放平台的限流规则,建议添加重试与延迟机制
  4. 批量处理时建议添加分页逻辑,避免触发飞书API频率限制
  5. 敏感配置信息(如API密钥)请勿直接提交至代码仓库,使用环境变量或加密存储

Comments

Loading comments...