Back to skill
Skillv1.0.2
ClawScan security
Google Trends RSS · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 4, 2026, 9:40 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code and instructions match its description: it fetches Google Trends RSS, parses it, and emits table/JSON/CSV — no unrelated credentials, installs, or external endpoints are requested.
- Guidance
- This skill appears to do exactly what it says: fetch public Google Trends RSS and format results. Before running: (1) review the included script locally (it's small and readable), (2) be aware it will make outbound HTTPS requests to trends.google.com, and (3) if you use --out, ensure you provide a safe path (it will overwrite that file). If you need offline or audited use, run the script in a controlled environment. If you expect historical timeseries or authenticated Google APIs, note this skill only provides the public daily RSS feed.
Review Dimensions
- Purpose & Capability
- okName/description (Google Trends RSS) aligns with the provided script and notes: the code fetches trends.google.com RSS endpoints and parses trend fields. Required capabilities are minimal and appropriate for the stated purpose.
- Instruction Scope
- okSKILL.md instructs only to run the included Python script with explicit flags. The runtime instructions and script only perform network fetches to Google Trends, parse XML, print or write output to a user-specified path; they do not read unrelated files, environment variables, or send data to unknown endpoints.
- Install Mechanism
- okNo install spec; the skill is instruction-only with a single Python script and no external dependencies. This has low install risk — nothing is downloaded or written except when the user chooses an --out file.
- Credentials
- okThe skill requires no environment variables or credentials. It only needs outbound network access to trends.google.com (public RSS). No secrets or unrelated credentials are requested.
- Persistence & Privilege
- okalways is false and the skill does not attempt to modify agent/system configuration or other skills. It runs only when invoked and only writes to an explicit output path if provided.