ClawHub

声誉体温计

v1.0.0

舆情风险预诊工具。单段文本快速风险评估,输出风险评分 (1-10)、风险等级 (蓝/黄/橙/红/黑)、传播力×危害力矩阵。适用于客服筛查、社交媒体预检。

1· 71·0 current·0 all-time
by@zhushanwei
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (舆情风险预诊) match the included script and SKILL.md. Required resources are minimal and appropriate — no credentials, no external services, and the script contains the keyword lists, simple ML classifier, and reporting described.
Instruction Scope
SKILL.md instructs running scripts/analyze_risk.py and using --json; the script implements local text analysis only. Instructions do not ask the agent to read unrelated files, system config, or to transmit results to external endpoints.
Install Mechanism
No install spec (instruction-only + one local script). Nothing is downloaded or written to system paths during install; risk from install mechanism is minimal.
Credentials
The skill requests no environment variables, credentials, or config paths. The many sensitive-related keyword lists in the code are used for detection (not exfiltration) and are proportionate to the stated purpose.
Persistence & Privilege
always:false and no code that modifies agent/system configuration. The skill does not request permanent presence or privileged system access.
Assessment
This skill appears coherent and local-only, but a few practical cautions: (1) review the full script yourself before use — it processes raw text and contains extensive keyword lists (no obfuscation or network calls were found in the provided code). (2) Do not feed sensitive personal data (身份证号, 手机号, 银行卡, 密码, 等) into the tool if you are concerned about logging or storage on systems you don't control — the script itself doesn't exfiltrate data, but your environment (shell history, CI logs) might retain inputs. (3) The classifier is heuristic and lightweight; treat outputs as triage suggestions, not definitive decisions for automated crisis actions. (4) If you plan automated/agent invocation in production, run it in an isolated environment and add logging/approval gates for high-severity outputs.

Like a lobster shell, security has layers — review code before you run it.

latestvk976f156k6t0e3wq60cb0jesns83kh55

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments