ClawHub

Trend Watcher

v1.0.1

Monitors GitHub Trending and tech communities to track and analyze emerging tools in CLI, AI/ML, automation, and developer categories.

7· 5.6k·48 current·48 all-time
by@guogang1024
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code implements fetching GitHub Trending, filtering, analysis, and local bookmarking which fits the 'Trend Watcher' purpose. However SKILL.md claims integrations (Feishu documentation, 'daily memory files') that are not present in index.js, and the code hardcodes a workspace path (/home/vken/.openclaw/workspace) tied to a specific user—this mismatch suggests sloppy packaging or leftover dev configuration.
!
Instruction Scope
SKILL.md instructs the agent to run the tool and save bookmarks (with examples referencing a user-specified file), but the code reads/writes a hardcoded bookmarks file path. The skill performs network requests to github.com/trending and file I/O in the user's workspace; the instructions do not clearly document the exact file path or the network behavior, so the runtime actions are not fully disclosed in the SKILL.md.
Install Mechanism
No install specification is provided (instruction-only with a code file). There are no external downloads or package installs declared, so nothing is automatically written to disk beyond the included code and its normal runtime file I/O.
Credentials
The skill requests no environment variables or credentials (good). Still, it performs filesystem writes/reads in a hardcoded user path and will write bookmark JSON to disk; this is a proportionate capability for a bookmarking tool but the hardcoded path and fixed username reduce transparency and portability.
Persistence & Privilege
The skill does not request elevated platform privileges or 'always' presence. Its persistence consists of writing/reading a bookmarks file in a workspace directory. It does not modify other skills or global agent settings.
What to consider before installing
Before installing, consider: (1) review/confirm the hardcoded workspace path (/home/vken/.openclaw/workspace) — change it to a safe, explicit path or make it configurable so it doesn't accidentally write into your home directory; (2) the SKILL.md mentions Feishu and 'daily memory files' but the code does not implement those integrations — ask the author or inspect code for missing features; (3) the tool fetches GitHub Trending pages over HTTPS and writes bookmarks locally — run it in a sandbox or non-production account first and inspect the bookmark file contents to ensure no sensitive data is written; (4) because the packaging is sloppy (missing description/homepage, hardcoded username), prefer to get a clarified/cleaner release or the source repository before trusting it widely. If you need higher assurance, request the upstream repository or an explanation for the hardcoded path and the claimed Feishu integration.

Like a lobster shell, security has layers — review code before you run it.

latestvk973njx02nqf13x64jpc95xeed80fp2k

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments