ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Trend Tap

v2.0.0

Real-time trending topics aggregator across 7 platforms (X/Twitter, Reddit, Google Trends, Hacker News, Zhihu, Bilibili, Weibo). Trigger: when user says 'tre...

0· 105·0 current·0 all-time
by@xiaoyiweio
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (trending topics from 7 platforms) matches the code and declared requirements. Only required binary is python3 and the install step is 'brew python3' — both reasonable and proportionate for a Python-based scraper.
Instruction Scope
SKILL.md instructs the agent to run the included Python scripts (trends.py and scheduler.py). Those scripts perform network requests to the listed platforms and format results — consistent with the stated purpose. Note: scheduler.py reads and writes the user's crontab to schedule daily briefings (this changes system state), and the code saves scheduled results under ~/.openclaw/trend-tap/daily/.
Install Mechanism
Install spec is a single brew package (python3). No downloads from arbitrary URLs or archive extraction. Low installation risk.
Credentials
The skill requests no environment variables, no credentials, and no config paths. All network calls use public endpoints. There is a hard-coded Cookie header in the Weibo HTML fallback request, but this is a static value in the code (not requesting user secrets).
Persistence & Privilege
always:false and default autonomous invocation are unchanged (normal). The scheduler component will modify the user's crontab and create files under the user's home directory when invoked; consider that an explicit side effect rather than a hidden privilege escalation.
Assessment
This skill appears coherent and implements what it claims: it scrapes public sources using Python and requires no API keys. Before installing or enabling scheduled runs, review and approve the scheduler behavior (it writes entries to your user crontab and creates daily files under ~/.openclaw/trend-tap/daily/). If you don't want automated scheduling, avoid running scheduler.py --set. Also review the code if you have concerns about scraping frequency or the hard-coded Weibo cookie header; otherwise there are no unexplained credential requests or hidden network endpoints.

Like a lobster shell, security has layers — review code before you run it.

latestvk977tz9gmqsdg6zftpgwkwptv1835w3w

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📡 Clawdis
Binspython3

Install

Install Python 3 (brew)
Bins: python3

Comments