← 返回 Skills 市场
402
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install reddit-voc-lobster-pro
功能描述
旗舰级 Reddit VOC 深度调研引擎(龙虾 2.0 版)。自动抓取 Reddit 深度原声,由 AI 提炼含金量极高的商业决策、痛点分析及产品必杀建议,并一键部署至高颜值 Cloudflare Pages 网页报告。
安全使用建议
This skill is internally inconsistent and carries data-leak risk. Specific things to consider before installing: (1) The Python code contains hardcoded Cloudflare and Feishu tokens — do NOT trust those; they may publish your reports to the author's accounts or send collected data to their Feishu workspace. (2) The skill advertises Reddit scraping but the code uses mocked data; ask the author for the real scraper implementation. (3) If you test it, never run it with your real CLOUDFLARE_API_TOKEN or other production credentials; instead audit and replace embedded tokens with your own limited-scope tokens, or run in an isolated environment with network blocked. (4) Request source provenance (who maintains it) and remove embedded secrets before use. (5) If you want this functionality, prefer a version that: implements transparent Reddit API usage (or documents how data is fetched), has no embedded tokens, documents required env vars in registry metadata, and requires you to explicitly supply your deployment credentials at runtime.
功能分析
Type: OpenClaw Skill
Name: reddit-voc-lobster-pro
Version: 1.0.0
The skill contains hardcoded sensitive credentials in 'dinoho_voc_engine.py', including a Cloudflare API token, Cloudflare Account ID, and Feishu (Lark) Bitable tokens. It also uses 'subprocess.run' with 'shell=True' to execute deployment commands via Wrangler, which is a significant security risk. While the script appears to perform its stated function of generating marketing reports, the exposure of secrets and insecure execution patterns are high-risk vulnerabilities.
能力评估
Purpose & Capability
The README/description claims automated Reddit scraping and Cloudflare Pages deployment. The included Python file does construct and deploy a report, but it does NOT actually implement real Reddit scraping (step1 returns static/mock data). The SKILL.md lists dependencies (apify, wrangler) but the registry metadata declares no required env vars — inconsistent. The presence of hardcoded CLOUDFLARE and Feishu-related tokens in code is not justified by the stated purpose and suggests the author intends to reuse their own accounts.
Instruction Scope
SKILL.md instructs the agent to deploy reports and mentions CLOUDFLARE_API_TOKEN and CLOUDFLARE_ACCOUNT_ID, but the registry shows none required. The code writes HTML locally and runs 'wrangler pages deploy' with env vars (potentially publishing data externally). It also contains a Feishu/Bitable record URL and a hardcoded BITABLE_APP_TOKEN/TABLE_ID and prints a Feishu link — indicating the skill may (or is intended to) transmit collected data to the author's Feishu workspace. The script's comments reference 'OpenClaw 注入授权' and suggest the agent should use external tools, giving broad discretion to contact external endpoints.
Install Mechanism
No install spec (instruction-only plus a code file). SKILL.md lists apify and wrangler as dependencies but nothing is installed automatically. Lack of a controlled install is lower risk than pulling arbitrary archives, but the runtime relies on the 'wrangler' CLI being present and on network access for deployment.
Credentials
The skill requires Cloudflare deployment credentials to function, which is reasonable for deploying to your account — but the registry metadata claims no required env vars while SKILL.md names CLOUDFLARE_API_TOKEN and CLOUDFLARE_ACCOUNT_ID. Worse: the code contains hardcoded default values for CF_ACCOUNT_ID and CF_API_TOKEN and hardcoded BITABLE_APP_TOKEN and BITABLE_TABLE_ID (secrets embedded), which is disproportionate and risky because it effectively makes the skill use the author's accounts if you don't override them. Embedded external-service tokens are a high-risk signal for unintended data exfiltration or use of third-party accounts.
Persistence & Privilege
always is false and there is no install-time modification of other skills or system-wide settings. The skill will invoke networked CLIs (wrangler) and can run subprocesses, which is expected for deployment tasks. The combination of autonomous invocation (default) plus embedded credentials increases blast radius, but autonomous invocation alone is not being flagged.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install reddit-voc-lobster-pro - 安装完成后,直接呼叫该 Skill 的名称或使用
/reddit-voc-lobster-pro触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Reddit VOC Lobster Pro 1.0.0 — 专为跨境电商品牌定制的 Reddit VOC 深度调研引擎发布!
- 自动抓取并分析 Reddit 原声内容,聚焦商业决策、痛点和产品建议。
- 支持关键词定向采集,实现深度“龙虾式”分析提炼。
- 一键发布调研结果为高颜值网页报告,适配移动与 PC。
- 集成 Cloudflare Pages 自动部署,便于外部分享。
元数据
常见问题
Reddit VOC Lobster Pro 是什么?
旗舰级 Reddit VOC 深度调研引擎(龙虾 2.0 版)。自动抓取 Reddit 深度原声,由 AI 提炼含金量极高的商业决策、痛点分析及产品必杀建议,并一键部署至高颜值 Cloudflare Pages 网页报告。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 402 次。
如何安装 Reddit VOC Lobster Pro?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install reddit-voc-lobster-pro」即可一键安装,无需额外配置。
Reddit VOC Lobster Pro 是免费的吗?
是的,Reddit VOC Lobster Pro 完全免费(开源免费),可自由下载、安装和使用。
Reddit VOC Lobster Pro 支持哪些平台?
Reddit VOC Lobster Pro 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Reddit VOC Lobster Pro?
由 Walyn(@walynlee)开发并维护,当前版本 v1.0.0。
推荐 Skills