Food Safety Sentiment Monitor (Kevin)
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill looks like a demo/prototype that can output a fabricated “critical” food-safety crisis, so its automated PR guidance should not be trusted as real monitoring.
Treat this as a test/demo skill, not a production food-safety monitor. Verify live source data yourself before relying on any risk grade or PR statement, and only configure a Minimax key if you are comfortable sending the scraped content to that provider.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could mistake mock crisis output for real monitoring and prepare or act on an unnecessary PR response.
When no Minimax key is configured, the monitor returns a specific fabricated critical incident rather than a real analysis result, while the SKILL.md advertises automatic real-time sentiment monitoring and event detection.
if (!config.minimax.apiKey) { ... eventSummary: "罗永浩曝光西贝北京门店食材过期,转发量50万+", riskLevel: "critical" }Label this clearly as test/demo code, remove hard-coded critical incidents from production paths, and require verified live data plus user review before generating crisis guidance.
Running the skill will drive a headless browser to visit Weibo search results.
The skill executes a fixed function inside the browser page context to extract DOM text, which is normal for Playwright scraping but still means the skill runs browser automation code.
const events = await page.$$eval('.card-wrap', nodes => nodes.slice(0, 5).map(n => ({ ... })))Use only in an environment where browser automation and access to Weibo are acceptable, and keep Playwright updated.
If the user fills in credentials, the skill can act against that Minimax account for model calls.
The code can use a Minimax API key and group ID if configured, although registry metadata declares no primary credential or required environment variables.
apiKey: config.minimax.apiKey, groupId: config.minimax.groupId
Document the credential requirement in metadata and use a least-privileged key dedicated to this skill.
Collected social-media content and chosen keywords may leave the local environment for provider processing.
If Minimax is configured, scraped event content and author fields are sent to an external model provider for analysis.
const prompt = `分析舆情:${JSON.stringify(events)}...`; const res = await client.chat.completions.create({ ... })Avoid sending private or sensitive data, and review Minimax data-handling terms before enabling the API path.