← 返回 Skills 市场
yuanyi-github

公众号爆款文章查询

作者 to the moon · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
80
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install gzh-explosive-content-detector
功能描述
获取公众号热门文章数据,包含多个领域10w+文章,拆解流量密码。技能包含:根据用户输入的关键词,输出标题、作品链接、作者、发布时间、阅读数、推荐理由。
使用说明 (SKILL.md)

公众号爆款雷达

触发本技能并需要执行完整流程时,必须先读取与本技能同目录下的 references/gzh_explosive_content_workflow.md,并完整遵循其中的核心执行规则、操作步骤(功能一各步骤及步骤7自检)与输出要求。数据格式说明见 references/gzh_trend_data_format.md。脚本路径相对于技能目录:scripts/fetch_gzh_trends.py

安全使用建议
This skill mostly does what it claims (it calls an included Python script to fetch and format WeChat public-article trend data), but there are red flags you should consider before installing or using it: - The script calls a third-party API at onetotenvip.com. If you run the skill, your query keywords (and possibly other context) will be sent to that host. Only use it if you trust that service. - The script disables TLS certificate verification and deliberately avoids sending SNI (server name) when establishing HTTPS connections. This makes network connections opaque and can be used to evade interception detection — a risky implementation choice. Avoid sending sensitive or private keywords/data via this skill. - The SKILL.md lists the 'requests' library dependency, but the script does not use requests; this inconsistency may be benign but is worth asking the author about. Recommendations: - If you must use it, run it in an isolated/sandbox environment or on a machine/network where you can monitor outbound traffic (so you can see what is sent to onetotenvip.com). - Ask the skill author for the API provider's documentation and why TLS verification/SNI were disabled; prefer a version that uses verified TLS (requests or urllib with certificate validation) and a documented, trusted backend. - Do not use the skill for queries containing sensitive, confidential, or personally identifiable information until you can verify the remote service's trustworthiness. - If you have the capability, examine (or ask the author to publish) the remainder of the script to confirm there is no additional behavior (file reads, credential harvesting, unknown callbacks).
功能分析
Type: OpenClaw Skill Name: gzh-explosive-content-detector Version: 1.0.0 The skill bundle contains a Python script `scripts/fetch_gzh_trends.py` that performs network requests to an external API (`onetotenvip.com`) using raw sockets and explicitly disables SSL certificate verification (`ssl.CERT_NONE`). While these techniques are common in scraping tools to bypass network filters or SNI-based blocking, they introduce significant security vulnerabilities such as Man-in-the-Middle (MITM) risks. The instructions in `SKILL.md` and `references/gzh_explosive_content_workflow.md` are highly directive and control the agent's workflow strictly, but they appear functionally aligned with the stated purpose of WeChat content analysis.
能力评估
Purpose & Capability
Name/description (获取公众号热门文章) match the included script which queries a remote API and formats results. However there are two mismatches: the SKILL.md declares a dependency on the 'requests' library although the provided script implements its own raw-socket HTTPS client (it does not use requests), and the script calls an opaque third-party endpoint (https://onetotenvip.com/...) instead of a clearly documented official data source. Requiring network access to a single unknown domain is plausible for this purpose, but the combination with the custom transport is unexpected.
Instruction Scope
Runtime instructions are explicit: read the included references, follow the workflow, and call scripts/fetch_gzh_trends.py with the given parameters. The SKILL.md does not instruct the agent to read arbitrary system files or extra environment variables beyond the included reference files, and the scripted flow enforces user-confirmation rules for generic keywords. The instruction scope is narrow and aligned with the stated purpose.
Install Mechanism
There is no install spec (instruction-only plus an included Python script), which minimizes installation risk. However the declared python dependency 'requests>=2.28.0' does not appear to be used by the provided script (the script implements HTTP via sockets). This mismatch is unexpected and could be benign sloppiness or an attempt to conceal behavior in a dependency; it merits review.
Credentials
The skill requests no environment variables or credentials, which is good. However the script sends user-supplied keywords and start dates directly to an external domain (onetotenvip.com) over a custom TLS connection that explicitly disables certificate verification and sets server_hostname=None (no SNI). That combination increases risk: queries (potentially containing sensitive keywords or context) will be transmitted to a third-party host, and TLS verification is disabled so man-in-the-middle interception cannot be detected. No justification for these choices is documented in SKILL.md or references.
Persistence & Privilege
The skill does not request persistent privileges (always:false) and does not modify other skills' configuration. It runs a local Python script on demand. Autonomous invocation is enabled (platform default) but not combined with other high-risk indicators.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install gzh-explosive-content-detector
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /gzh-explosive-content-detector 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
gzh-explosive-content-detector 1.0.0 initial release: - Added ability to fetch and analyze popular WeChat public account articles across multiple fields. - Supports keyword-based search to return title, article link, author, publication date, view count, and recommendation reason. - Enforces a strict workflow and output format by referencing external documentation for rules and data structure. - Requires Python requests library (>=2.28.0).
元数据
Slug gzh-explosive-content-detector
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

公众号爆款文章查询 是什么?

获取公众号热门文章数据,包含多个领域10w+文章,拆解流量密码。技能包含:根据用户输入的关键词,输出标题、作品链接、作者、发布时间、阅读数、推荐理由。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 80 次。

如何安装 公众号爆款文章查询?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install gzh-explosive-content-detector」即可一键安装,无需额外配置。

公众号爆款文章查询 是免费的吗?

是的,公众号爆款文章查询 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

公众号爆款文章查询 支持哪些平台?

公众号爆款文章查询 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 公众号爆款文章查询?

由 to the moon(@yuanyi-github)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463368 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259467 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200457 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191163 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190189 · by oswalpalash

💬 留言讨论