ClawHub

Design Daily

v1.0.2

Daily design industry brief for UI/UX designers and PMs. Covers AI × design, design engineering, top product experience breakdowns, and design decision logic...

0· 95·0 current·0 all-time
byJack James@tkk0124
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: fetch.py searches design-related queries via Serper and brief.py uses DeepSeek to produce the formatted brief. Required env vars (SERPER_API_KEY, DEEPSEEK_API_KEY) are exactly the APIs used by the code; no unrelated credentials or binaries are requested.
Instruction Scope
SKILL.md and code are consistent about running pip install, setup.py, and run.py. Minor inconsistency: SKILL.md suggests setting keys in the OpenClaw environment, but setup.py writes a local .env file and run.py auto-loads it — so keys may be persisted on disk in the project directory. The skill writes logs and output files (logs/*.log, *_brief.txt, *_brief.json) into its folder as part of normal operation.
Install Mechanism
There is no packaged installer; the skill is distributed as Python scripts and a requirements.txt. Dependencies are limited to requests and pyyaml (standard PyPI packages). No downloads from untrusted URLs or archive extraction were observed.
Credentials
Only two API keys are required and both are directly used by the code (Serper for search, DeepSeek for generation). No additional broad-scoped secrets, system config paths, or unrelated environment variables are requested.
Persistence & Privilege
always is false and the skill does not request elevated system-wide privileges. It creates and writes its own .env, config.yaml, logs, and output files in its directory (normal for a local utility) but does not modify other skills or global agent settings.
Assessment
This skill appears coherent and implements what it claims: it searches design news (Serper) and summarizes via DeepSeek. Before installing, consider: 1) API keys: only provide SERPER_API_KEY and DEEPSEEK_API_KEY; the code will use them to call those services. 2) Key storage: setup.py writes a plain-text .env in the project folder and run.py will load it — if you don't want keys on disk, set them in your agent's secret store or environment and avoid running setup.py that writes .env. 3) Output & logs: the skill saves logs and brief files under logs/ and brief JSON including config; treat those as sensitive if they include private favorites or keys. 4) Cost & rate limits: DeepSeek calls are billed; review estimated monthly cost and monitor usage. 5) Trusting third-party services: the skill sends fetched content to DeepSeek for summarization — only use keys you control and be comfortable with those services receiving the fetched snippets. 6) Run locally or sandbox first: inspect .env, config.yaml, and logs after a test run; revoke API keys if you observe unexpected network activity. Overall the package is internally consistent and limited in scope.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bf6xym6jkvnw0ev5k408ean834ayg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvSERPER_API_KEY, DEEPSEEK_API_KEY

Comments