← Back to Skills Marketplace
402
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install reddit-voc-lobster-pro
Description
旗舰级 Reddit VOC 深度调研引擎(龙虾 2.0 版)。自动抓取 Reddit 深度原声,由 AI 提炼含金量极高的商业决策、痛点分析及产品必杀建议,并一键部署至高颜值 Cloudflare Pages 网页报告。
Usage Guidance
This skill is internally inconsistent and carries data-leak risk. Specific things to consider before installing: (1) The Python code contains hardcoded Cloudflare and Feishu tokens — do NOT trust those; they may publish your reports to the author's accounts or send collected data to their Feishu workspace. (2) The skill advertises Reddit scraping but the code uses mocked data; ask the author for the real scraper implementation. (3) If you test it, never run it with your real CLOUDFLARE_API_TOKEN or other production credentials; instead audit and replace embedded tokens with your own limited-scope tokens, or run in an isolated environment with network blocked. (4) Request source provenance (who maintains it) and remove embedded secrets before use. (5) If you want this functionality, prefer a version that: implements transparent Reddit API usage (or documents how data is fetched), has no embedded tokens, documents required env vars in registry metadata, and requires you to explicitly supply your deployment credentials at runtime.
Capability Analysis
Type: OpenClaw Skill
Name: reddit-voc-lobster-pro
Version: 1.0.0
The skill contains hardcoded sensitive credentials in 'dinoho_voc_engine.py', including a Cloudflare API token, Cloudflare Account ID, and Feishu (Lark) Bitable tokens. It also uses 'subprocess.run' with 'shell=True' to execute deployment commands via Wrangler, which is a significant security risk. While the script appears to perform its stated function of generating marketing reports, the exposure of secrets and insecure execution patterns are high-risk vulnerabilities.
Capability Assessment
Purpose & Capability
The README/description claims automated Reddit scraping and Cloudflare Pages deployment. The included Python file does construct and deploy a report, but it does NOT actually implement real Reddit scraping (step1 returns static/mock data). The SKILL.md lists dependencies (apify, wrangler) but the registry metadata declares no required env vars — inconsistent. The presence of hardcoded CLOUDFLARE and Feishu-related tokens in code is not justified by the stated purpose and suggests the author intends to reuse their own accounts.
Instruction Scope
SKILL.md instructs the agent to deploy reports and mentions CLOUDFLARE_API_TOKEN and CLOUDFLARE_ACCOUNT_ID, but the registry shows none required. The code writes HTML locally and runs 'wrangler pages deploy' with env vars (potentially publishing data externally). It also contains a Feishu/Bitable record URL and a hardcoded BITABLE_APP_TOKEN/TABLE_ID and prints a Feishu link — indicating the skill may (or is intended to) transmit collected data to the author's Feishu workspace. The script's comments reference 'OpenClaw 注入授权' and suggest the agent should use external tools, giving broad discretion to contact external endpoints.
Install Mechanism
No install spec (instruction-only plus a code file). SKILL.md lists apify and wrangler as dependencies but nothing is installed automatically. Lack of a controlled install is lower risk than pulling arbitrary archives, but the runtime relies on the 'wrangler' CLI being present and on network access for deployment.
Credentials
The skill requires Cloudflare deployment credentials to function, which is reasonable for deploying to your account — but the registry metadata claims no required env vars while SKILL.md names CLOUDFLARE_API_TOKEN and CLOUDFLARE_ACCOUNT_ID. Worse: the code contains hardcoded default values for CF_ACCOUNT_ID and CF_API_TOKEN and hardcoded BITABLE_APP_TOKEN and BITABLE_TABLE_ID (secrets embedded), which is disproportionate and risky because it effectively makes the skill use the author's accounts if you don't override them. Embedded external-service tokens are a high-risk signal for unintended data exfiltration or use of third-party accounts.
Persistence & Privilege
always is false and there is no install-time modification of other skills or system-wide settings. The skill will invoke networked CLIs (wrangler) and can run subprocesses, which is expected for deployment tasks. The combination of autonomous invocation (default) plus embedded credentials increases blast radius, but autonomous invocation alone is not being flagged.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install reddit-voc-lobster-pro - After installation, invoke the skill by name or use
/reddit-voc-lobster-pro - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Reddit VOC Lobster Pro 1.0.0 — 专为跨境电商品牌定制的 Reddit VOC 深度调研引擎发布!
- 自动抓取并分析 Reddit 原声内容,聚焦商业决策、痛点和产品建议。
- 支持关键词定向采集,实现深度“龙虾式”分析提炼。
- 一键发布调研结果为高颜值网页报告,适配移动与 PC。
- 集成 Cloudflare Pages 自动部署,便于外部分享。
Metadata
Frequently Asked Questions
What is Reddit VOC Lobster Pro?
旗舰级 Reddit VOC 深度调研引擎(龙虾 2.0 版)。自动抓取 Reddit 深度原声,由 AI 提炼含金量极高的商业决策、痛点分析及产品必杀建议,并一键部署至高颜值 Cloudflare Pages 网页报告。 It is an AI Agent Skill for Claude Code / OpenClaw, with 402 downloads so far.
How do I install Reddit VOC Lobster Pro?
Run "/install reddit-voc-lobster-pro" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Reddit VOC Lobster Pro free?
Yes, Reddit VOC Lobster Pro is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Reddit VOC Lobster Pro support?
Reddit VOC Lobster Pro is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Reddit VOC Lobster Pro?
It is built and maintained by Walyn (@walynlee); the current version is v1.0.0.
More Skills