ClawHub

OpenRank

v1.0.1

Fetch and analyze OpenRank and other statistical metrics for an open source repository or developer using OpenDigger data. Trigger when the user provides a G...

1· 55·0 current·0 all-time
byXudong Guo@sunny0826
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (OpenRank metrics from OpenDigger) lines up with the instructions: all runtime actions are URL fetches of OSS JSON files for GitHub/Gitee repos or users. Nothing requested (no env vars, no binaries) is out of scope for the stated purpose.
Instruction Scope
SKILL.md instructs the agent to extract platform/owner/repo and fetch specific JSON endpoints on oss.open-digger.cn, then parse and format results. It does not ask the agent to read local files, secrets, or other unrelated system state. The requirement in Scenario B to fetch many endpoints is within purpose (collecting 'all metrics').
Install Mechanism
No install spec or code files — instruction-only skill. Lowest-risk pattern: nothing is written to disk by an installer. Network fetches are explicit and expected.
Credentials
The skill declares no required environment variables, credentials, or config paths and the instructions do not reference any secrets. This is proportionate to its purpose of reading public JSON metrics.
Persistence & Privilege
No special persistence requested (always: false). The skill does not request modifying agent config, nor does it claim permanent presence or elevated privileges.
Assessment
This skill appears to do exactly what it says: it will make outbound HTTP(S) requests to oss.open-digger.cn to retrieve public JSON metrics and then summarize them. Before installing, consider: (1) whether outbound network requests to oss.open-digger.cn are acceptable in your environment; (2) that the skill will fetch multiple endpoints when asked for 'all metrics' (which may increase request volume); and (3) that private repositories or data not published to oss.open-digger.cn will not be accessible. If you need stricter controls, block or monitor network access to the endpoint or review sample responses from oss.open-digger.cn first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dsvt9v2k6k5edm0krv88xg9842tka

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments