ClawHub

Gsdata

v0.1.1

Use GSData open platform via local adapter script for account/content/rank/pubsent/nlp queries. Use when user asks for 舆情检索、热点事件、平台榜单、账号数据、小红书/微博/抖音等数据查询。 Tr...

0· 304·1 current·1 all-time
byYuwen Yang@yangyuwen-bri
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description, adapter script, and the large endpoint mapping align with a GSData API adapter for social-platform/search/pubsent tasks. However, the skill manifest/registry lists no required environment variables while SKILL.md clearly states it requires GSDATA_APP_KEY and GSDATA_APP_SECRET — this mismatch is an incoherence between what the skill claims and what it needs.
Instruction Scope
SKILL.md confines runtime actions to running the bundled Python adapter and the included mapping file, plus guidance to use read-only defaults and require explicit confirmation for writes. That's appropriate. However, the adapter code defines a DEFAULT_CREDS_PATH (~/.config/gsdata/credentials.json) which suggests it may attempt to read a local credentials file if env vars are not supplied; SKILL.md does not mention this behavior. That difference expands the instruction surface beyond the documented steps.
Install Mechanism
No install spec — instruction-only with bundled script and JSON mapping. No external downloads or installers observed, and the code/mapping are included in the skill package.
!
Credentials
The adapter requires an API key and secret to call GSData; that is proportional. But the registry metadata lists no required env vars while SKILL.md names GSDATA_APP_KEY and GSDATA_APP_SECRET — a mismatch. Additionally, the code exposes a DEFAULT_CREDS_PATH which may cause the adapter to read credentials from the user's home directory without explicit documentation in SKILL.md or the registry metadata. Requesting an app key + secret for an external data API is expected, but hidden local credential-file access and the manifest omission are concerning.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform persistence. It can make outbound network calls when invoked (normal for an API adapter). Autonomous invocation is allowed by default (disable-model-invocation=false) but that is the platform norm and not flagged on its own.
What to consider before installing
This skill appears to be a local Python adapter for the GSData API and largely behaves as described, but there are a few things to check before installing: - Credential mismatch: The platform registry lists no required env vars, yet SKILL.md requires GSDATA_APP_KEY and GSDATA_APP_SECRET. Confirm that the skill will only use environment variables you explicitly set and will not silently read other secrets. - Local credential-file access: The adapter defines a default credentials path (~/.config/gsdata/credentials.json). Inspect the full script to see whether it will automatically read that file if env vars are absent — this could cause the skill to access credentials stored on your machine. - Network endpoints and transport: The adapter targets databus.gsdata.cn:8888 (HTTP). Verify whether communications use HTTPS or another secure channel in actual requests; avoid exposing secrets over plaintext HTTP. - Writes and raw calls: SKILL.md requires explicit confirmation for write actions and offers a raw path mode (gsdata_raw). Be cautious with raw paths or '--allow-write' flags — only enable writes when you trust the account/keys in use. - Practical steps: review the full gsdata_adapter.py before installing, ensure you set GSDATA_APP_KEY/SECRET as minimal-scope keys, avoid placing unrelated secrets in ~/.config/gsdata, and test in an isolated environment (or with a throwaway GSData key) if possible. Given the metadata/documentation mismatch and implicit credential-file behavior, treat this skill as suspicious until you confirm the adapter's credential-loading behavior and secure transport.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Environment variables
GSDATA_APP_KEYrequired
GSDATA_APP_SECRETrequired
latestvk973s65kyq14f1mnje26jb7wmd828hx6
304downloads
0stars
2versions
Updated 1mo ago
v0.1.1
MIT-0
Yuwen Yang@yangyuwen-bri
latest
Download

GSData Skill

This skill allows you to query the GSData open platform for public sentiment (舆情), rankings (榜单), and account data.

Prerequisites: This skill requires the requests library. If a module cannot be found, you may need to run pip install requests once.

Credentials: Authentication is handled via the GSDATA_APP_KEY and GSDATA_APP_SECRET environment variables. Do not attempt to use hardcoded test keys.

Adapter Usage

Use the bundled python script to interact with the API:

python3 ./gsdata_adapter.py

Note: The script and its mapping gsdata_tool_mapping_v1.json are bundled in this skill's directory. Always run the script via relative path (./gsdata_adapter.py) from this directory.

Rules

  1. For a new request, run --dry-run first to verify route/action mapping.
  2. Default to read-only actions.
  3. CRITICAL FOR CONVERSATIONS: If you are answering a user in a chat interface (like Telegram), you MUST append --param size=5 (or a similarly small number) to prevent dumping enormous JSON payloads into the chat context.
  4. Never run write-like actions unless user explicitly confirms.
  5. For write-like actions, require --allow-write.
  6. Return a concise summary first; included route + key fields used.
  7. PAGINATION LIMIT: The API strictly enforces a maximum of 20 items per page (e.g., passing size=100 defaults to 20). To fetch large datasets, use a loop with --param page=1, --param page=2, etc. Do NOT attempt to fetch more than 20 items in a single call.
  8. TOTAL COUNT ESTIMATION: Before scraping multiple pages for gsdata_pubsent_search, ALWAYS probe the total volume first by running a test search with --param limit=1 and checking the numFound field in the response JSON. Calculate total pages as ceil(numFound / 20). (Note: The dedicated num_found action has a bug with date parameters and should NOT be used for this purpose).

Quick Commands

1. Discover endpoint capabilities:

python3 ./gsdata_adapter.py list-tools

2. Keyword search (with size limit):

python3 ./gsdata_adapter.py invoke \
  --tool gsdata_pubsent_search \
  --action search \
  --param keywords_include=人工智能 \
  --param size=5

3. Probe data volume estimation (returns numFound):

python3 ./gsdata_adapter.py invoke \
  --tool gsdata_pubsent_search \
  --action search \
  --param keywords_include=人工智能 \
  --param date_start=2026-03-01 \
  --param date_end=2026-03-04 \
  --param media_type=weibo \
  --param limit=1

4. Hot events:

python3 ./gsdata_adapter.py invoke \
  --tool gsdata_pubsent_hot \
  --action event_list \
  --params '{"type":"1"}'

5. Xiaohongshu account search:

python3 ./gsdata_adapter.py invoke \
  --tool gsdata_account \
  --action search \
  --platform xiaohongshu \
  --param xiaohongshu_name=AI \
  --param size=2

Write Actions (Explicit Confirmation Required)

Examples:

  • gsdata_pubsent_warning create_rule/update_rule/open_rule/close_rule
  • gsdata_myrank_group group_add/group_del
  • gsdata_myrank_account acct_add/acct_del/acct_add_by_url

When approved, append --allow-write:

python3 ./gsdata_adapter.py invoke \
  --tool gsdata_pubsent_warning \
  --action create_rule \
  --params '{"name":"demo"}' \
  --allow-write

Comments

Loading comments...