Qingbo Search

v1.0.1

通过清博开放平台，根据关键词、时间和媒体类型检索并返回相关网络文章标题、链接及发布时间等信息。

⭐ 3· 311·0 current·0 all-time

by@zhangqiang327

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for zhangqiang327/qingbo-search.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Qingbo Search" (zhangqiang327/qingbo-search) from ClawHub.
Skill page: https://clawhub.ai/zhangqiang327/qingbo-search
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install zhangqiang327/qingbo-search

ClawHub CLI

Package manager switcher

npx clawhub@latest install qingbo-search

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description (Qingbo article search) align with the code and SKILL.md. The skill reads app_key/app_secret from config.json, builds a signed request, and calls a Qingbo-like API endpoint to return article results — these are exactly what the skill claims to do.

Instruction Scope

SKILL.md and code stay within search functionality (parse natural language, build params, call API, format results). However, the runtime uses a local config.json file to store credentials and sends an access-token header to the API over http://databus.gsdata.cn:8888 (plain HTTP). Storing credentials in a file and transmitting tokens on unencrypted HTTP increase risk of credential exposure; SKILL.md does not warn about these risks or recommend secure storage/transport.

✓

Install Mechanism

No install spec in registry (instruction-only install). Project uses a single dependency (node-fetch) declared in package.json and package-lock.json; installation via npm is standard and proportionate to the functionality. No downloads from untrusted URLs or extraction of archives are present.

Credentials

The skill requires API credentials (app_key and app_secret) which are appropriate for the API integration. But credentials are expected in plaintext config.json (file in the skill directory). This is a legitimate design choice but increases risk if the file is stored in source control or is on a shared filesystem. Additionally, the code places a base64 token containing app_key and signature in an HTTP header sent over plain HTTP (not HTTPS), which risks interception.

✓

Persistence & Privilege

Skill does not request always:true, has no special OS restrictions, and does not modify other skills or global agent configuration. It only reads its own config.json. Autonomous invocation is allowed but is the platform default.

Assessment

This skill appears to do exactly what it says: query the Qingbo-like API using an app_key and app_secret stored in config.json. Before installing, consider: 1) Do NOT commit config.json containing app_key/app_secret to source control — treat them as secrets. 2) Prefer storing credentials in a secrets manager or environment variables rather than an on-disk plaintext file. 3) The code calls the API using http://databus.gsdata.cn:8888 (plain HTTP). Ask the maintainer to use HTTPS (or verify the service requires HTTP) to avoid sending credentials in cleartext. 4) Verify the API hostname and provider (databus.gsdata.cn) are the legitimate Qingbo endpoint you expect. 5) If you must use this skill on sensitive networks, audit network egress rules or run it in an isolated environment. If the maintainer provides an updated version that uses HTTPS and documents secure credential handling, the security concerns would be largely resolved.

Like a lobster shell, security has layers — review code before you run it.

latestvk974phc5ze9gv42rphyqvzzcj98287rb

311downloads

3stars

2versions

Updated 1mo ago

v1.0.1

MIT-0

清博开放平台文章搜索 Skill

功能说明

通过清博开放平台的关键词检索文章接口，帮助用户搜索全网文章舆情信息。用户可以根据关键词、时间范围、媒体类型等条件进行检索，并获取文章标题、URL、发布时间等信息。

配置说明

1. 注册开发者账号

访问清博开放平台官网注册账号
登录后创建应用，获取 app_key 和 app_secret

2. 配置文件

在 config.json 文件中配置以下参数：

{
  "app_key": "您的app_key",
  "app_secret": "您的app_secret"
}

使用方法

基本搜索

输入包含关键词的查询语句，如：

"搜索关于人工智能的文章"
"查找2024年1月的科技新闻"

高级搜索

可以指定时间范围、平台类型等条件，如：

"搜索2024年1-3月微信平台关于人工智能的文章"
"查找最近一周微博上的经济相关新闻"

统计分析

可以请求统计信息，如：

"统计2024年关于人工智能的文章数量"
"分析2024年1月科技新闻的媒体分布"

接口说明

关键词检索文章接口

API地址：/pubsent/full-search/index
请求方式：GET
主要参数：
- keywords_include：关键词（必填）
- posttime_start：开始时间（可选）
- posttime_end：结束时间（可选）
- media_type：媒体类型（可选）
- news_emotion：情感属性（可选）
- refer_province：省份（可选）
- order：排序方式（可选）
- sort：排序字段（可选）
- page：页码（可选）
- limit：每页数量（可选）

响应示例

{
  "success": true,
  "data": {
    "newsList": [
      {
        "news_title": "文章标题",
        "news_url": "文章URL",
        "news_posttime": "发布时间",
        "media_type": "媒体类型",
        "media_name": "媒体名称"
      }
    ],
    "numFound": 100
  }
}

技术实现

关键词提取

使用自然语言处理技术分析用户输入语句，提取关键词、时间范围、平台类型等参数。

接口调用

签名生成：按照清博API鉴权机制生成请求签名
请求发送：发送HTTP请求到清博API接口
响应处理：解析API返回的JSON数据

结果呈现

根据用户输入的实际需求，返回文章标题、URL、时间等信息，或统计文章总量进行分析。

注意事项

接口调用会消耗清博平台点数，请合理使用
每个接口调用有参数限制，如关键词数量、时间范围等
接口返回数据可能包含重复或相似文章（通过sim_hash字段识别）

Comments

Loading comments...