Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Juejin Article Trends

v0.0.1

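Fetches the hot-article rankings from the Juejin website, with support for querying the list of article categories and the trending articles in each category. Use this skill when the user wants to see Juejin's technical article rankings or get trending articles in areas such as front-end, back-end, or AI.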

by 无处不在 (@wuchubuzai2018)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The SKILL.md and scripts/juejin.js implement exactly what the description promises (fetch category list and ranked articles from juejin.cn). Minor inconsistency: the skill manifest lists no required binaries, but SKILL.md and the script expect Node.js (commands use `node scripts/juejin.js`).
Instruction Scope
Instructions are narrowly scoped to running the included Node script to call juejin.cn public APIs. The script only performs HTTPS GET requests to juejin.cn API endpoints and does not read files, environment variables, or transmit data to unrelated endpoints.
Install Mechanism
No install spec is provided (instruction-only with an included script). Nothing is downloaded or written to disk by an installer; the only runtime requirement is an existing Node.js runtime to run the script.
Credentials
The skill requests no environment variables, secrets, or config paths. The code does not attempt to access credentials or other services beyond juejin.cn APIs.
Persistence & Privilege
The skill does not request permanent presence (always:false) and does not modify other skills or system settings. It behaves as a normal, on-demand helper.
Assessment
This skill appears to do what it says: it queries juejin.cn public APIs and prints JSON results. Before installing or running: (1) ensure you have Node.js available (the manifest didn't declare this, but SKILL.md uses `node`); (2) review the included script yourself (it is small and network-only); (3) consider running it in an isolated environment if you are cautious; (4) be aware that the script scrapes public API endpoints (rate limits or terms of service may apply), and that the tool rotates User-Agent strings to avoid a fixed UA, which is typical for scrapers but worth knowing.

Like a lobster shell, security has layers — review code before you run it.
