Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (fetch platform hot searches) aligns with the included Python script which scrapes/queries Weibo, Douyin, and Baidu. One minor mismatch: SKILL.md declares python3 as a required binary but does not mention Python library dependencies (requests, lxml) that the script imports — this is a functionality/packaging omission, not a security mismatch.
Instruction Scope
SKILL.md instructs the agent to run the provided script with a JSON parameter. The script only parses that parameter and issues HTTP GET requests to public endpoints (weibo.com, iesdouyin.com, top.baidu.com) and prints JSON results. It does not read local files, environment variables, or send data to unknown third-party endpoints.
Install Mechanism
There is no install spec (instruction-only skill) and no downloads; that is low risk. Note: the script depends on third-party Python packages (requests, lxml) which are not listed in the SKILL.md or manifest; installing those from PyPI would be necessary for functionality.
Credentials
The skill requests no environment variables or credentials and does not access config paths. The absence of secrets is appropriate for a public-web-scraping/trending-fetching tool.
Persistence & Privilege
The skill is not marked always:true and does not attempt to modify agent configuration or other skills. It is user-invocable and can be called autonomously (platform default) but does not request elevated/persistent privileges.
Assessment
This skill appears to do what it claims — fetch public hot-search lists — and does not request credentials. Before installing: (1) be aware it makes outbound HTTP requests to the three platforms; if you run in a restricted/network-aware environment, allow those domains. (2) The script requires Python packages (requests, lxml); install them from PyPI or run in a virtualenv. (3) Run it in an isolated environment if you have network-security concerns (it performs web scraping only). (4) Review the script if you need stricter assurance — currently there are no hidden endpoints, file reads, or secret exfiltration patterns.Like a lobster shell, security has layers — review code before you run it.
latestvk975r7qp9nsyp20jkpkkrff01n83gkz1
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🔥 Clawdis
Binspython3