ClawHub

今日热点

v0.1.2

用于拉取并展示热点内容(接口为 https://hotspot.api4claw.com/hotspots/platform/{平台名}?timestamp=$TIME_STEMP,返回 JSON 数组)。按 source_name 分组标题。默认会提示用户创建定时任务(不自动执行),在用户确认后提供 cron...

0· 103·0 current·0 all-time
by@xltang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe pulling hotspot data from https://hotspot.api4claw.com and the SKILL.md explicitly instructs calls to those endpoints; no unrelated binaries, creds, or config paths are requested.
Instruction Scope
Runtime instructions are narrowly scoped: generate minute-resolution TIME_STEMP, call the declared endpoints via the web_fetch tool, parse JSON, and present grouped titles. The doc explicitly forbids local persistence, caching, or fabricating results. Cron setup is optional and requires user approval.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest-risk installation surface. No downloads, no archives, no package installs.
Credentials
No environment variables, credentials, or config paths are required. The single network target (hotspot.api4claw.com) is consistent with the skill's function.
Persistence & Privilege
always is false and the skill does not request permanent presence or modify other skills. It proposes optional cron creation but requires explicit user confirmation and provides manual commands rather than auto-execution.
Assessment
This skill appears coherent and limited to fetching JSON from hotspot.api4claw.com and presenting grouped titles. Before installing, confirm you trust the remote API/domain (hotspot.api4claw.com) because fetched content will be displayed, and review any cron command before accepting automated scheduling. No credentials are requested, but avoid enabling scheduling or running provided shell commands without verifying the exact replacements (channel/user placeholders) and that the cron message won't leak sensitive context. If you need stronger guarantees, test a manual invocation first and inspect the raw JSON returned.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cnke8j2010wqjsx62jttaen84sncq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments