Keyword Monitoring System (关键词监控系统)

Advisory

Audited by static analysis on May 5, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user may not realize that monitored keywords, search queries, or generated reports can leave the local environment and become visible to external services or to members of a Feishu group.

Why it was flagged

The skill claims data will not be uploaded to third parties, but it also describes using Tavily’s external API and pushing reports to Feishu via webhook.

Skill content

All data is stored locally and is not uploaded to third parties ... Based on the Tavily AI search API ... Daily reports are automatically pushed to the Feishu group

Recommendation

Revise the privacy statement to accurately describe what is sent to Tavily and Feishu, and require the user to confirm external sharing before enabling pushes.

What this means

If configured carelessly, these credentials could allow unwanted API usage or posting into the selected Feishu group.

Why it was flagged

The skill requires a Tavily API key and may use a Feishu webhook, which are sensitive credentials or delegated posting authority. This is purpose-aligned, but the registry metadata declares no primary credential or required env vars.

Skill content

Feishu push: set the Webhook URL in the configuration (optional) ... API configuration: requires a Tavily API Key

Recommendation

Use least-privilege credentials, restrict the Feishu webhook to a dedicated group, and store keys outside the skill text or shared prompts.

What this means

Keywords, collected content, and reports may be processed by third-party services or delivered to people in the configured Feishu group.

Why it was flagged

The described workflow depends on an external search provider and a webhook destination. These integrations are expected for the skill, but the data boundaries are not fully specified.

Skill content

Based on the Tavily AI search API, automatically crawls major platforms ... The Feishu Webhook is used only to push reports

Recommendation

Document exactly what data is sent to each provider and avoid including confidential keywords, private leads, or sensitive business data unless the user approves.

What this means

Local reports may retain monitored topics, competitor information, or sales leads beyond the immediate task.

Why it was flagged

The skill stores generated reports locally for later use. This is aligned with monitoring and trend analysis, but it creates persistent local records.

Skill content

All reports are saved locally, supporting historical queries and trend analysis

Recommendation

Specify the storage path, retention period, and cleanup process, and avoid storing sensitive monitoring data longer than needed.