ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

TrendProof

v1.2.2

Query TrendProof (trendproof.dev) for keyword trend velocity scores. Returns velocity score, trend direction (rising/stable/falling), monthly search volume,...

0· 207·1 current·1 all-time
by@akvise

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for akvise/trendproof.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "TrendProof" (akvise/trendproof) from ClawHub.
Skill page: https://clawhub.ai/akvise/trendproof
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install trendproof

ClawHub CLI

Package manager switcher

npx clawhub@latest install trendproof
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill's name/description (query TrendProof) matches the included CLI script which performs HTTP calls to trendproof.dev. However the registry metadata declared no required env vars or config paths while the code actually reads TRENDPROOF_API_KEY and TRENDPROOF_BASE_URL and reads/writes a config file at ~/.config/clawdbot/trendproof.json. That mismatch between declared requirements and actual behavior is an incoherence the user should notice.
!
Instruction Scope
SKILL.md instructs the agent to check for an API key and — if missing — to ask the user to "Copy your key ... and send it to me." That phrasing encourages users to paste a secret directly into the chat session. The script also documents running a configure command which writes the key to disk; both behaviors are within the stated purpose (calling the API) but create clear opportunities for sensitive data exposure if the user follows the 'send it to me' path. Otherwise the instructions stick to API calls and expected CLI usage.
Install Mechanism
No install spec (instruction-only + a pure-Python script included). The script uses only the Python standard library and does not download external code, so installation risk is low.
!
Credentials
Providing an API key (TRENDPROOF_API_KEY) is proportionate to the skill's function, but the metadata advertised no required env vars while the code relies on them. The script also accepts TRENDPROOF_BASE_URL as an override — useful for testing but potentially dangerous because a malicious or misconfigured base URL would cause the skill to send the API key and requests to an arbitrary endpoint. The script persists the key to ~/.config/clawdbot/trendproof.json, which is expected behavior but should be disclosed up-front in the metadata.
Persistence & Privilege
The skill is not always: true and does not request elevated privileges. It does persist user API keys to a local config file and supports an override env var for base URL. Autonomous invocation (default) is allowed — normal for skills — so consider that the agent could use a stored key without further prompts.
What to consider before installing
This skill appears to implement the advertised TrendProof API calls, but there are a few things to watch before installing or using it: - Do not paste your API key into chat. SKILL.md's wording encourages users to "send it to me"; instead run the provided configure command locally (python3 skills/trendproof/scripts/trendproof.py configure --api-key TRND_xxxxx) or set TRENDPROOF_API_KEY in your shell. Pasting secrets into a conversation can expose them to logs or the agent's memory. - Expect the script to write the key to ~/.config/clawdbot/trendproof.json. If you prefer not to store the key on disk, use an environment variable for the session and remove it when done. - The script allows overriding the API base URL via TRENDPROOF_BASE_URL. Leave this unset unless you trust the endpoint; a malicious override would cause your API key and requests to be sent to an arbitrary server. - Metadata omitted the config/env requirements; if you want to be cautious, review the included scripts/trendproof.py yourself (or have a trusted developer do so) before supplying credentials and confirm the owner/source of the skill (source is listed as unknown). - If you still want to use it: prefer setting TRENDPROOF_API_KEY in your environment or running the configure command locally rather than pasting the key into agent chat, and review the saved config file to verify only the expected key is stored.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e0he90w1wk5v1s8j70bcz8h833432
207downloads
0stars
5versions
Updated 23h ago
v1.2.2
MIT-0
@akvise
latest
Download

TrendProof

Trend velocity intelligence for AI agents. Check whether a keyword is rising, stable, or falling before you create content, run ads, or build a product.

Live at trendproof.dev

Setup (API key)

Before doing anything else — check if the API key is already configured:

python3 skills/trendproof/scripts/trendproof.py configure --show

If no key is found, stop and tell the user exactly this (do not attempt any API calls):

"To use TrendProof, you need a free API key.

  1. Open https://trendproof.dev/dashboard#keys (sign up if needed — 5 free trial credits included)
  2. Copy your key (starts with TRND_) and send it to me"

Once the user provides the key, save it:

python3 skills/trendproof/scripts/trendproof.py configure --api-key TRND_xxxxx

Or set the environment variable:

export TRENDPROOF_API_KEY=TRND_xxxxx

Analyze a single keyword

python3 skills/trendproof/scripts/trendproof.py analyze "AI agents"

Example output:

  Keyword      ai agents
  Velocity     [████████████░░░░░░░░] +87
  Direction    🚀  RISING
  Volume       8,100 / mo
  CPC          $2.45   CPM $6.13
  Competition  0.38
  Peak window  2026-02-10 — 2026-03-03
  Hint         🚀 Strong momentum — act now before peak. High CPC = strong intent.
  Took         1243ms

With location (UK example):

python3 skills/trendproof/scripts/trendproof.py analyze "rust programming" --location 2826

Raw JSON output:

python3 skills/trendproof/scripts/trendproof.py analyze "prompt engineering" --json

Batch analysis (ranked)

Compare multiple keywords and get them ranked by velocity:

python3 skills/trendproof/scripts/trendproof.py batch "AI agents" "LLM fine-tuning" "RAG pipeline" "vector search"

Output (sorted by velocity score):

Keyword                             Score  Direction    Volume     CPC
---------------------------------------------------------------------------
AI agents                           +87   🚀 rising    8,100    $2.45
RAG pipeline                        +34   🚀 rising    2,400    $1.80
LLM fine-tuning                      +8   📊 stable    5,500    $3.20
vector search                       -12   📉 falling   3,300    $1.10

  Total cost: $0.3360

From a file:

python3 skills/trendproof/scripts/trendproof.py batch-file keywords.txt

File format (one keyword per line, # for comments):

# AI keywords
AI agents
LLM fine-tuning
RAG pipeline

Velocity score interpretation

ScoreMeaning
> 50🚀 Strong uptrend — act now
10–50🚀 Rising — good timing window
-10 to +10📊 Stable — safe but no momentum
-10 to -50📉 Declining — consider alternatives
< -50📉 Sharp decline — avoid

Score formula: ((last 4 weeks avg − prior 4 weeks avg) / prior 4 weeks avg) × 100, capped at [-100, +200].

Related keywords

Discover similar keywords with volume and CPC:

python3 skills/trendproof/scripts/trendproof.py related "AI agents"

Output:

  Similar to: AI agents

  Keyword                              Volume        CPC
  ─────────────────────────────────────────────────────────
  ai agent tools                        2,400      $3.10
  autonomous ai agents                  1,900      $4.20
  ...

API reference (direct HTTP)

For advanced use, call the API directly:

# Analyze
curl -s https://trendproof.dev/api/analyze \
  -H "Authorization: Bearer TRND_xxxxx" \
  -H "Content-Type: application/json" \
  -d '{"keyword": "AI agents"}'

# Related keywords
curl -s https://trendproof.dev/api/related \
  -H "Authorization: Bearer TRND_xxxxx" \
  -H "Content-Type: application/json" \
  -d '{"keyword": "AI agents"}'

# Public leaderboard (no auth)
curl -s "https://trendproof.dev/api/leaderboard?limit=10&sort=velocity"

Response fields:

  • velocity_score — -100 to +200; positive = rising
  • trend_directionrising | stable | falling
  • volume — monthly search volume
  • cpc — cost-per-click (USD)
  • cpm — estimated CPM (cpc × 2.5)
  • competition — 0–1 (DataForSEO competition index)
  • peak_window — date range of highest trend activity
  • monthly_searches — last 12 months of volume data
  • trend_data — 12-week Google Trends graph (0–100 values)
  • action_hint — human-readable recommendation

Agent tool call pattern

When used as an AI agent tool, format results like:

"AI agents" — velocity +87 🚀 rising, 8,100/mo, CPC $2.45. Peak: Feb–Mar 2026. Act now before peak.

For batch comparisons, present as a ranked list with winner highlighted.

Troubleshooting

  • No key configured: Run configure --show. If empty → ask user to get key at https://trendproof.dev/dashboard#keys
  • 401 / unauthorized: Key is set but invalid or revoked. Ask user to rotate at trendproof.dev/dashboard → API Keys → Rotate.
  • 429 / credits exhausted: Upgrade at trendproof.dev/dashboard → Billing.
  • Slow response (>5s): DataForSEO live API — expected for uncached keywords.
  • score = 0 + stable: Likely very low-volume keyword; check trend_data array.

Comments

Loading comments...