ClawHub

公众号爆款选题雷达

v1.0.0

聚合多平台热点,智能评估选题潜力,提供爆款切入角度、竞品分析及差异化内容方案,助力公众号内容创作。

1· 85·0 current·0 all-time
by@sxzxlj
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (hot-topic aggregator for public platforms) aligns with required code and network activity. The code implements multiple collectors and an analysis/reporting pipeline consistent with the stated purpose; requested environment/configuration is limited to a local YAML file and Python deps.
Instruction Scope
SKILL.md instructions only direct the agent to run the provided Python scripts and to read the config file. The runtime steps (scan/quick/analyze/compare) map directly to functions implemented in the code; there are no instructions to read unrelated system files, access credentials, or transmit local files to unknown endpoints.
Install Mechanism
No install spec (instruction-only metadata) — lowest installer risk. However the package includes Python scripts and a requirements.txt; running it will install standard Python packages from PyPI (requests, numpy, plotly, jieba, pyyaml). Nothing in the install is unusual or obfuscated.
Credentials
The skill does not request environment variables or secrets (good). It makes many outbound network requests to third‑party aggregator endpoints (e.g., http://api.xcvts.cn, https://tenapi.cn, https://weibo.com, sogou weixin search). These calls are proportional to the declared function but do expose queries and the host's IP to external services; api.xcvts.cn is contacted over plain HTTP in the code (privacy concern).
Persistence & Privilege
always:false and no code that modifies other skills or global agent configuration. The skill writes report files to ./data/reports (local only) and does not request elevated or persistent platform privileges.
Assessment
This skill appears coherent with its description: it scrapes/queries public trending sources, ranks topics, and writes HTML/JSON reports. Before installing/running: 1) Review and accept that the tool will make outbound HTTP(S) requests to third‑party aggregator services (api.xcvts.cn, tenapi.cn, sogou, weibo, etc.), which will see your IP and any query strings. 2) Note one endpoint is called via plain HTTP (api.xcvts.cn) — consider changing to HTTPS or using a trusted proxy if privacy is a concern. 3) The generated HTML includes a Plotly CDN script (loads remote JS when you open reports) — if you need air‑gapped usage, host Plotly locally or set include_plotlyjs appropriately. 4) Check that scraping/collection complies with the target platforms' terms of service. 5) If you require higher assurance, review the collector code paths that call external APIs and optionally pin/replace endpoints with ones you trust.

Like a lobster shell, security has layers — review code before you run it.

latestvk9754d9g1a5jk7te0b5h7cyzp183vych

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments