tech-trending-on-github
v1.0.0分析GitHub趋势榜和热门榜,提供技术趋势总结和创新项目介绍。 当用户询问GitHub趋势、热门项目、技术发展趋势、"今天有什么热门"、 "GitHub trending"、"github热门"、"开源趋势"、"技术风向"等话题时, 必须使用此skill获取GitHub官方Trending页面的数据,进行分析总...
⭐ 1· 600·0 current·1 all-time
byMeitu.Inc@meituskills
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name and description match the runtime instructions: the skill fetches GitHub Trending pages and extracts project metadata for trend analysis. It does not request unrelated binaries, environment variables, or config paths.
Instruction Scope
Instructions are generally scoped to fetching and parsing GitHub Trending pages and producing reports. Two minor ambiguities: (1) '主要贡献者 / main contributors' likely requires fetching additional repo pages (not explicitly listed), and (2) comparing to historical trends is suggested 'if available' but no historical data source or storage mechanism is specified — this could lead an agent to use other data sources or local storage if allowed. These are scope/implementation details rather than clear security risks.
Install Mechanism
No install spec and no code files — instruction-only skill. This minimizes disk-write and arbitrary-code risks.
Credentials
The skill declares no required environment variables or credentials. It only needs network access to fetch GitHub public pages, which is proportional to its purpose.
Persistence & Privilege
always:false and default autonomous invocation are used. The skill does not request persistent privileges or system-wide config changes. Autonomous invocation is normal and not by itself a concern.
Assessment
This skill is coherent with its description: it fetches public GitHub Trending pages and generates trend reports and does not request secrets or install software. Before installing, be aware that: (1) the skill will make outbound network requests to github.com (and may fetch additional repo pages to get contributors/stats), (2) historical comparisons require some storage or external data source — if you don't want the agent to store past results, confirm where/if it will persist data, and (3) although the skill doesn't request credentials, granting the agent broad network or file system permissions could allow it to access other resources. If you want minimal risk, permit the skill but restrict its ability to persist data or access private repos/tokens and review activity/logs after first use.Like a lobster shell, security has layers — review code before you run it.
latestvk97dsyeaxvbqqddzvpeamx2dnn832k8s
License
MIT-0
Free to use, modify, and redistribute. No attribution required.