爆款选题发现虾
v1.0.0爆款选题发现虾 — 全网热点实时监控与爆款选题挖掘专家。从微博、抖音、知乎、百度、B站等平台抓取热榜数据,智能过滤匹配账号定位,分析爆款内容规律,生成可执行的选题建议,并存入飞书多维表格选题库。 **当以下情况时使用此 Skill**: (1) 用户要求监控热点、找热搜、发现爆款选题 (2) 需要分析同领域高赞内...
⭐ 0· 60·0 current·0 all-time
byRicky@tujinsama
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (抓取各平台热榜并生成选题、可选存入飞书) aligns with the included script and reference docs. The Python script fetches hotlists from the stated platforms and the SKILL.md explains filtering, analysis and optional storage. No unrelated cloud APIs, elevated system access, or surprising binaries are requested.
Instruction Scope
Instructions are focused on running the provided fetch-hotlist.py, reading the local reference files for analysis rules, filtering and generating cards, and optionally writing to a Feishu multi-dimensional table. The doc also instructs using an agent tool 'web_search' for competitor lookups — this is plausible but grants the agent additional network/search capability; the SKILL.md does not overbroadly instruct reading arbitrary user files or secrets.
Install Mechanism
No install spec; this is an instruction-only skill plus a small included Python script. No downloads or archive extraction are performed during install. The script uses only standard Python libraries (urllib, concurrent) so there is no unexpected third-party package installation.
Credentials
The skill declares no required env vars, which matches the repo. However: (1) the script expects platform cookies (Douyin/Xiaohongshu) to be pasted into the COOKIES dict in the script — that is storing credentials in plaintext in a file and is a privacy/security risk; (2) SKILL.md references writing records via feishu_bitable_app / feishu_bitable_app_table_record but does not declare or explain required Feishu credentials or connector setup. Users should ensure Feishu credentials are provided via the agent's secure connector (not hard-coded) if they want storage.
Persistence & Privilege
always is false and the skill has no install-time persistence or modifications to other skills or system-wide configs. The skill runs its script on demand and prints JSON; optional Feishu writes would use the platform's connector (not implemented in code here). No elevated privileges are requested.
Assessment
This skill appears to do what it says: it fetches public hotlist APIs, filters and analyzes results, and can optionally save items to Feishu. Before installing/using it: (1) Do NOT paste long-lived account cookies or tokens into the script file in plaintext; instead store them in a secure secret store or agent connector if possible. (2) If you enable the Feishu storage path, verify what Feishu credentials/permissions the agent connector will use — avoid embedding Feishu tokens in code. (3) Be aware scraping platform endpoints may trigger rate limits or violate a platform's terms of service; use conservative polling and respect robots/rate limits. (4) The script prints results to stdout and does not exfiltrate data to unknown third-party servers, but review any environment where you run it (shared CI/runners) so cookies or result JSON are not exposed. If you want stronger assurance, ask the maintainer (or review updates) to: move cookie/config handling to environment variables or a secure secrets API, and implement explicit Feishu connector usage rather than referencing non-declared functions.Like a lobster shell, security has layers — review code before you run it.
latestvk97deeagn25rz027j40wphbvss84gn61
License
MIT-0
Free to use, modify, and redistribute. No attribution required.