GitHub Trending Blog Pipeline

Pass (audited by ClawScan on May 10, 2026).

Overview

This is a coherent, instruction-only workflow for turning public GitHub repository data into blog drafts. The main caveat is that it delegates its real work to external tools and skills, whose trustworthiness has to be established separately.

Before installing, make sure the referenced github, summarize, card-renderer, and wechat-article-pro skills come from trusted sources. If your gh CLI is logged in, expect the workflow to use that GitHub account for API queries. Review generated content and command inputs before saving or posting anything publicly.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may call external services, run local command-line tools, execute a local renderer script, and write draft files under /tmp.

Why it was flagged

The workflow is built around executing API, CLI, Python, and shell commands with templated inputs such as {{repo_url}} and {{date}}. This is purpose-aligned for automation, but users should understand and confirm the concrete commands, with the template values filled in, before running them.

Skill content
"command": "gh api graphql ..."
"command": "summarize \"{{repo_url}}\" --extract-only"
"command": "python3 /root/.openclaw/workspace/skills/card-renderer/scripts/render_vscode_card.py ..."
"command": "cat > /tmp/github_blog_{{date}}.md ..."
Recommendation

Review templated values (language, date, repo URL) and the generated blog content before they are substituted into commands: an unconstrained {{date}} in `cat > /tmp/github_blog_{{date}}.md` is interpolated directly into a shell line, and /tmp is a shared, world-writable directory. Prefer writing the draft from code rather than through a shell redirection, or constrain the shell command so substituted values cannot alter it.

What this means

GitHub API requests may be associated with the user's configured GitHub CLI account and rate limits.

Why it was flagged

The GitHub CLI API command may use the user's existing local GitHub CLI authentication. The artifact shows read-only public repository search, not account mutation or token exposure.

Skill content
Use `gh api` to collect the list of trending projects from the GitHub Trending page.
Recommendation

Use a least-privileged GitHub CLI login, or run the query without your main account's credentials where the command allows it (note that `gh api` itself expects a logged-in account or a GH_TOKEN), and verify that only read-only public repository queries are being made.
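The two recommendations above (confirm templated commands before execution and write drafts safely; confirm the GraphQL document is a read-only repository search) can be enforced by a small pre-execution gate. The following is an added example written for this review; it is not code from the skill or from OpenClaw. The allow-list patterns, the permitted root fields, the `gh api graphql -f ...` command shape and the sample values and query are assumptions, since the audited artifact elides the skill's exact commands. It runs offline: it builds argv lists for review and writes a draft, but invokes neither `gh` nor `summarize`.

```python
import os
import re
import shlex
import tempfile
from pathlib import Path

# Allow-lists for the slots the skill substitutes ({{language}}, {{date}}, {{repo_url}}).
# Assumed for this example; the audited artifacts define no such constraints.
TEMPLATE_RULES = {
    "language": re.compile(r"[A-Za-z][A-Za-z0-9+#.-]{0,31}"),
    "date": re.compile(r"\d{4}-\d{2}-\d{2}"),
    "repo_url": re.compile(r"https://github\.com/[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+"),
}
# Root fields a trending-repository query needs (assumption); aliases or extra
# fields are rejected until a reviewer adds them here.
ALLOWED_ROOT_FIELDS = {"search", "rateLimit"}

def validate_template_values(values):
    """Fully match every slot against its pattern; anything else is rejected (fail closed)."""
    clean = {}
    for key, pattern in TEMPLATE_RULES.items():
        value = values.get(key)
        if not isinstance(value, str) or not pattern.fullmatch(value):
            raise ValueError(f"template slot {key!r} rejected: {value!r}")
        clean[key] = value
    return clean

def root_fields(query):
    """Field names directly under the top-level selection set. Tracks braces, parentheses
    and string literals so argument values (e.g. the search string) are never mistaken
    for fields; nested selections are ignored because they cannot mutate anything."""
    fields, token = set(), ""
    brace = paren = 0
    in_string = escaped = False
    for ch in query:
        if in_string:  # skip string literal contents, honouring backslash escapes
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
            continue
        if ch == '"':
            in_string = True
        elif ch == "(":
            paren += 1
        elif ch == ")":
            paren -= 1
        elif ch == "{":
            brace += 1
        elif ch == "}":
            brace -= 1
        elif brace == 1 and paren == 0 and (ch.isalnum() or ch == "_"):
            token += ch
            continue
        if token:  # any other character terminates an identifier at root level
            fields.add(token)
            token = ""
    return fields

def is_read_only_repo_search(query):
    """Accept only a query operation over allow-listed root fields that searches
    repositories. The keyword scan is deliberately blunt (a string mentioning
    'mutation' is rejected too): a false negative is the expensive error here."""
    if re.search(r"\b(mutation|subscription)\b", query):
        return False
    if not re.match(r"\s*(query\b|\{)", query):
        return False
    if not re.search(r"\btype\s*:\s*REPOSITORY\b", query):
        return False
    return root_fields(query) <= ALLOWED_ROOT_FIELDS

def build_commands(values, query):
    """Argv lists (no shell) for the two network steps, built only from validated
    values; the gh flags below are an assumed shape, not the skill's elided command."""
    v = validate_template_values(values)
    if not is_read_only_repo_search(query):
        raise ValueError("GraphQL document is not an allow-listed read-only repository search")
    search = f"language:{v['language']} sort:stars"
    return [
        ["gh", "api", "graphql", "-f", f"query={query}", "-f", f"q={search}"],
        ["summarize", v["repo_url"], "--extract-only"],
    ]

def write_draft(date, content, out_dir=None):
    """Write the draft from code instead of `cat >`: a fresh mode-0700 mkdtemp directory
    by default rather than a guessable name in /tmp, and O_EXCL so a pre-placed file
    or symlink is refused instead of followed."""
    if not TEMPLATE_RULES["date"].fullmatch(date):
        raise ValueError(f"date rejected: {date!r}")
    out_dir = Path(out_dir) if out_dir else Path(tempfile.mkdtemp(prefix="github_blog_"))
    path = out_dir / f"github_blog_{date}.md"
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(content)
    return path

# Constructed sample input: the kind of values an agent would fill into the templates.
SAMPLE_VALUES = {"language": "python", "date": "2026-05-10",
                 "repo_url": "https://github.com/octocat/Hello-World"}
SAMPLE_QUERY = ("query Trending($q: String!) { search(query: $q, type: REPOSITORY, first: 10) "
                "{ nodes { ... on Repository { nameWithOwner stargazerCount } } } "
                "rateLimit { remaining } }")

if __name__ == "__main__":
    for argv in build_commands(SAMPLE_VALUES, SAMPLE_QUERY):
        print(shlex.join(argv))  # show the exact lines for human confirmation first
    print("draft written to", write_draft(SAMPLE_VALUES["date"], "# GitHub Trending\n"))
```

Because `build_commands` returns argv lists, a value such as `2026-05-10; rm -rf ~` can never become a second command even if a pattern were loosened; the allow-list rejects it anyway. The root-field check is conservative on purpose: an aliased field (`repos: search(...)`) or a fragment definition fails until a reviewer adds it explicitly.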

What this means

Actual behavior depends on the installed versions of those external skills and their scripts, especially the card renderer and WeChat article workflow.

Why it was flagged

This instruction-only package delegates core behavior to other skills and tools whose code/provenance is not included in the supplied artifacts.

Skill content
"skills": [ "github", "summarize", "card-renderer", "wechat-article-pro" ]
Recommendation

Install dependent skills only from trusted sources and review their artifacts separately before using this pipeline.
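Reviewing the dependent skills once is only useful if a later update cannot silently replace what was reviewed. The following added example (written for this review, not code from the skill or from OpenClaw) pins a SHA-256 snapshot of each dependent skill's directory and reports files that were modified, added or removed since the pin. The skill names come from the dependency list above; the pin format, the skills directory layout and the constructed card-renderer tree in `demo()` are assumptions, since the audited artifacts include no manifest of this kind.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Names from the skill's own "skills" list; how they are pinned is this example's assumption.
DEPENDENT_SKILLS = ["github", "summarize", "card-renderer", "wechat-article-pro"]

def hash_tree(root):
    """Map every path under root (relative, POSIX form) to a SHA-256 digest. Symlinks are
    recorded by target rather than followed, so a link that later points outside the
    skill directory shows up as a change instead of silently hashing foreign code."""
    digests = {}
    for p in sorted(Path(root).rglob("*")):
        rel = p.relative_to(root).as_posix()
        if p.is_symlink():
            digests[rel] = "symlink:" + os.readlink(p)
        elif p.is_file():
            digests[rel] = hashlib.sha256(p.read_bytes()).hexdigest()
    return digests

def pin_skills(skills_dir, names=DEPENDENT_SKILLS):
    """Snapshot each reviewed skill's tree; keep the result with the review notes."""
    return {name: hash_tree(Path(skills_dir) / name) for name in names}

def check_pins(skills_dir, pins):
    """Compare the installed skills with the pinned snapshot. Returns, per skill, a list
    of 'modified:', 'unreviewed:' (new file) and 'missing:' entries in path order;
    an empty list means the tree is exactly what was reviewed."""
    report = {}
    for name, pinned in pins.items():
        current = hash_tree(Path(skills_dir) / name)
        changes = []
        for rel in sorted(set(pinned) | set(current)):
            if rel not in current:
                changes.append(f"missing: {rel}")
            elif rel not in pinned:
                changes.append(f"unreviewed: {rel}")
            elif pinned[rel] != current[rel]:
                changes.append(f"modified: {rel}")
        report[name] = changes
    return report

def demo():
    """Constructed scenario: pin a reviewed card-renderer skill, then simulate an update
    that edits the renderer script and drops in a new helper module."""
    skills_dir = Path(tempfile.mkdtemp(prefix="skills_"))
    skill = skills_dir / "card-renderer"
    (skill / "scripts").mkdir(parents=True)
    (skill / "SKILL.md").write_text("# card-renderer\n")
    (skill / "scripts" / "render_vscode_card.py").write_text("print('card')\n")
    pins = pin_skills(skills_dir, ["card-renderer"])
    # The "update": one reviewed file changes, one unreviewed file appears.
    (skill / "scripts" / "render_vscode_card.py").write_text("import os; print('card')\n")
    (skill / "scripts" / "helper.py").write_text("pass\n")
    return check_pins(skills_dir, pins)

if __name__ == "__main__":
    for name, changes in demo().items():
        print(name, "OK" if not changes else "; ".join(changes))
```

Run `check_pins` before each pipeline run; any non-empty list means a dependent skill no longer matches what was reviewed, and in particular a changed `render_vscode_card.py` deserves a fresh look before the agent executes it with `python3`.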