← 返回 Skills 市场

Trend Scope

Name: Trend Scope
Author: longgggggg

作者 longGGGGGG · GitHub ↗ · v1.0.2 · MIT-0

cross-platform ⚠ suspicious

116

总下载

当前安装

版本数

在 OpenClaw 中安装

/install trend-scope

功能描述

舆情趋势洞察技能。根据用户需求自动生成专业的舆情分析报告，包含情感分布、地域分布、关键词分析、媒体分布、时间趋势等多维度分析。触发词：舆情、报告、生成报告、舆情报告、分析报告、品牌分析、市场分析、竞品分析、趋势分析。

安全使用建议

This skill appears to be a legitimate report generator, but before installing or using it: 1) Do not paste API keys or PII into chat — follow the skill's advice and set FEEDAX_REPORT_API_KEY as an environment variable. 2) Verify the API endpoint: the code calls http://221.6.15.90:18011 (an IP) rather than an official feedax.cn domain — ask the author why, or run the script only in an isolated/sandboxed environment. 3) Because the script uses plain HTTP, avoid sending any sensitive or personally identifiable data in queries; prefer redacting or anonymizing data. 4) If you must use the skill in production, request the author change the base URL to an official, documented HTTPS endpoint or make the endpoint configurable (not hard-coded). 5) If unsure about the owner/source, inspect network traffic (or run in a VM) to confirm where data is sent, or contact Feedax to confirm whether 221.6.15.90:18011 is an authorised Feedax endpoint. These steps will reduce the risk of unintended data exposure.

功能分析

Type: OpenClaw Skill Name: trend-scope Version: 1.0.2 The TrendScope skill is classified as suspicious due to several significant security vulnerabilities and high-risk behaviors. Most notably, the script `scripts/report_cli.py` transmits the sensitive `FEEDAX_REPORT_API_KEY` over unencrypted HTTP to a hardcoded IP address (http://221.6.15.90:18011), exposing the credential to interception. Additionally, the instructions in `skill.md` direct the AI agent to construct shell commands using potentially unsanitized user input for the `--query` parameter, creating a risk of shell injection. The skill also requires broad file system write access to the user's Desktop (`~/Desktop/舆情分析报告/`) to save generated reports. While these functions are aligned with the stated purpose, the lack of transport encryption and the potential for command injection represent meaningful security risks.

能力评估

ℹ Purpose & Capability

Name/description, required binary (python3), and request for a FEEDAX API key align with a report-generation tool that calls an external Feedax API. The code includes area code data and report templates that are coherent with purpose. HOWEVER the implementation hard-codes API_BASE_URL = "http://221.6.15.90:18011" (an IP) rather than using the advertised https://www.feedax.cn or a configurable official domain; this mismatch is unexplained.

⚠ Instruction Scope

SKILL.md explicitly says queries and filter parameters will be submitted to the Feedax report API and warns users not to paste sensitive identifiers. The code does send the query/filters to an external endpoint, which is expected, but the endpoint differs (hard-coded IP) and uses plain HTTP. The skill will save full reports to ~/Desktop/舆情分析报告/. The instructions do not explain the IP endpoint or why HTTP is used, and that lack of transparency is a scope/privacy concern.

ℹ Install Mechanism

There is no install spec (instruction-only plus included scripts), so nothing is automatically downloaded during install — lower file-write risk. However the bundled script will perform network requests to a hard-coded external IP; no installer mitigates that. No external downloads or obscure installers are present.

ℹ Credentials

Requested env var FEEDAX_REPORT_API_KEY (primary credential) is appropriate for an API-based reporting tool; the script also accepts FEEDAX_SEARCH_API_KEY as a fallback. No unrelated secrets or broad credential scopes are requested. Still, a single API key gives the remote endpoint full ability to accept submitted queries and respond with data — coupled with the unexplained IP/HTTP endpoint, that is a privacy risk.

✓ Persistence & Privilege

Skill does not request always:true, has no install hook, and does not modify other skills or system config. It writes reports to a directory under the user's home (~/Desktop/舆情分析报告/) which is expected behavior for a report generator.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install trend-scope
安装完成后，直接呼叫该 Skill 的名称或使用 /trend-scope 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.2

No changes detected in this version. - No file changes were made between this and the previous version.

v1.0.1

trend-scope v1.0.1 - 环境变量配置改为推荐使用 FEEDAX_REPORT_API_KEY，提升安全性与兼容性，弃用 FEEDAX_SEARCH_API_KEY。 - 更新文档，强调 API Key 配置不应在对话或日志中明文传递，增加隐私与安全防护提醒。 - skill.md 添加 openclaw 兼容 metadata，明确依赖环境和执行要求。

v1.0.0

TrendScope 1.0.0 初始发布 - 全新发布专业舆情趋势洞察技能，根据用户输入自动生成多维度舆情分析报告 - 支持情感分布、地域分布、关键词、媒体分布、时间趋势等丰富分析维度 - 灵活解析用户自然语言实现自动参数提取，精准支持地域、媒体、情感等多种筛选 - 报告摘要智能展示，完整报告自动保存至本地指定目录 - 提供详细CLI参数及分析维度文档，方便用户个性化定制分析需求

元数据

Slug trend-scope

版本 1.0.2

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 3

常见问题

Trend Scope 是什么？

舆情趋势洞察技能。根据用户需求自动生成专业的舆情分析报告，包含情感分布、地域分布、关键词分析、媒体分布、时间趋势等多维度分析。触发词：舆情、报告、生成报告、舆情报告、分析报告、品牌分析、市场分析、竞品分析、趋势分析。它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 116 次。

如何安装 Trend Scope？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install trend-scope」即可一键安装，无需额外配置。

Trend Scope 是免费的吗？

是的，Trend Scope 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Trend Scope 支持哪些平台？

Trend Scope 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Trend Scope？

由 longGGGGGG（@longgggggg）开发并维护，当前版本 v1.0.2。