ClawHub

X Trends

v1.2.1

Fetches current top trending topics on X (Twitter) for any country using public aggregators.

8· 4k·33 current·34 all-time
by@anishtr4
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description claim to fetch X trends from public aggregators and the code actually performs an HTTPS GET against getdaytrends.com and parses the HTML to extract trends — this is coherent and proportionate to the stated purpose.
Instruction Scope
SKILL.md only documents CLI usage and installation; runtime code reads only command-line options and fetches/parses a remote webpage. There are no instructions to read local files, environment variables, or to transmit data to unexpected endpoints.
Install Mechanism
There is no custom installer or remote archive download; the package is a normal Node project with dependencies resolved from the npm registry (package.json / package-lock.json). That is expected for a Node CLI. Note: some dependencies declare Node engine requirements (cheerio entries reference a newer Node), which may cause runtime issues if the environment Node version is older, but this is an operational compatibility issue rather than a security incoherence.
Credentials
The skill requests no environment variables, no credentials, and does not access config paths. Its network access is limited to the aggregator site (getdaytrends.com) used to obtain trends — this matches its purpose.
Persistence & Privilege
The skill does not request always:true or any elevated/persistent platform privileges and does not modify other skills or system-wide settings. It is user-invocable and uses normal autonomous invocation defaults.
Assessment
This skill appears coherent and performs only public web scraping of getdaytrends.com. Before installing: (1) confirm you are comfortable running third‑party Node code (it will install npm dependencies from the public registry); (2) run it in a sandbox or with a compatible Node version (some dependencies reference newer Node engines); (3) be aware scraping can break if the target site changes and may be rate-limited or violate the target site's terms — avoid using it for high-volume automated requests. There are no requested credentials or hidden network endpoints in the code, but as with any third-party package, audit code or run in an isolated environment if you have security concerns.

Like a lobster shell, security has layers — review code before you run it.

latestvk972hkx3f4jfcrqhqqmxne4xgx800575

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments