ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

搜爆款作品小助手

v1.0.2

热点分析与爆款挖掘工具;当用户需要热点查询、话题热度分析、选题推荐时使用。挖掘公众号、抖音、小红书三大平台爆款内容,聚合关键词。

0· 70·0 current·0 all-time
by@if530770
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (hotspot analysis for 公众号/抖音/小红书) align with the files and runtime instructions; no unrelated credentials, binaries, or installs are requested.
!
Instruction Scope
SKILL.md mandates reading and strictly following references/core_workflow.md which requires web searches and collecting links from only three platforms. However multiple reference files (keyword-extraction-guide.md, platform-standards.md, angle-mining-guide.md) include templates or guidance that mention other platforms (快手, B站, 知乎 etc.). This contradicts the strict 'only these 3 platforms' rule and may cause inconsistent behavior (agent might include excluded platforms). Instructions otherwise do not request unrelated system files or credentials.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is written to disk and no downloads are requested.
Credentials
No environment variables, credentials, or config paths are required — proportional to the skill's described behavior.
Persistence & Privilege
always is false and the skill is user-invocable; it doesn't request permanent/system-level privileges or modify other skills' configs.
What to consider before installing
This skill is generally coherent and low-privilege, but before installing you should: (1) ask the publisher to clarify and resolve the conflict between core_workflow.md (which forbids platforms beyond 公众号/抖音/小红书) and other reference files that mention 快手/B站/知乎 templates — unclear rules may cause the agent to crawl excluded sites; (2) confirm which browsing/search tool the agent will use and whether search queries or fetched page contents might be sent to third-party services (privacy/data exposure risk); (3) if you run it, test in a sandboxed agent first and monitor web requests to ensure only the intended platforms are queried; (4) if you require guarantees, request the author tighten references to remove templates for excluded platforms or update core_workflow to reflect actual allowed sources.

Like a lobster shell, security has layers — review code before you run it.

latestvk971vg0mw9namw75wy62jfe4n584r1m1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments