ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Google Trends

v1.0.0

Monitor Google Trends - get trending searches, compare keywords, and track interest over time. Use for market research, content planning, and trend analysis.

1· 2.5k·16 current·17 all-time
by@satnamra
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Google Trends monitoring) aligns with the provided instructions and scripts: they fetch publicly-available RSS/explore URLs from trends.google.com and format or construct URLs for comparison.
Instruction Scope
SKILL.md and trends-daily.sh only perform public web fetches and local text processing (curl, grep, sed, nl, open). The doc shows a trends-compare.sh snippet but that file is not present in the bundle — minor inconsistency. Instructions reference the 'open' command (platform-specific) and rely on common CLI tools that the runtime must provide.
Install Mechanism
No install spec — instruction-only skill and a tiny included script. Nothing is downloaded or written during install, which minimizes disk/remote code risk.
Credentials
No environment variables, credentials, or config paths are requested. The skill's network access is limited to public Google Trends endpoints, which matches its purpose.
Persistence & Privilege
always is false and there is no elevated persistence or cross-skill configuration. Autonomous invocation is allowed by default (normal); the example cron payload would cause the agent to run the described workflow, which is consistent with the skill's purpose.
Assessment
This skill fetches public Google Trends pages (trends.google.com) and runs small shell commands to format results — it does not ask for credentials or install code. Before installing: (1) confirm your runtime has curl/grep/sed/nl (the skill didn't declare required binaries); (2) be aware network requests to Google will reveal your IP to Google and may be rate-limited; (3) the SKILL.md references a compare script that isn't included — verify expected files; (4) the skill uses the 'open' command in examples (may behave differently on non-macOS systems); (5) if you prefer the agent not run automatically on a schedule, disable autonomous/cron invocation in your agent config. Overall this appears coherent and proportional to its purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk976vdg61sgyfsvttd45c943zd812f25

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📈 Clawdis

Comments