← Back to Skills Marketplace
Trend Scope
by
longGGGGGG
· GitHub ↗
· v1.0.2
· MIT-0
116
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install trend-scope
Description
舆情趋势洞察技能。根据用户需求自动生成专业的舆情分析报告,包含情感分布、地域分布、关键词分析、媒体分布、时间趋势等多维度分析。触发词:舆情、报告、生成报告、舆情报告、分析报告、品牌分析、市场分析、竞品分析、趋势分析。
Usage Guidance
This skill appears to be a legitimate report generator, but before installing or using it: 1) Do not paste API keys or PII into chat — follow the skill's advice and set FEEDAX_REPORT_API_KEY as an environment variable. 2) Verify the API endpoint: the code calls http://221.6.15.90:18011 (an IP) rather than an official feedax.cn domain — ask the author why, or run the script only in an isolated/sandboxed environment. 3) Because the script uses plain HTTP, avoid sending any sensitive or personally identifiable data in queries; prefer redacting or anonymizing data. 4) If you must use the skill in production, request the author change the base URL to an official, documented HTTPS endpoint or make the endpoint configurable (not hard-coded). 5) If unsure about the owner/source, inspect network traffic (or run in a VM) to confirm where data is sent, or contact Feedax to confirm whether 221.6.15.90:18011 is an authorised Feedax endpoint. These steps will reduce the risk of unintended data exposure.
Capability Analysis
Type: OpenClaw Skill
Name: trend-scope
Version: 1.0.2
The TrendScope skill is classified as suspicious due to several significant security vulnerabilities and high-risk behaviors. Most notably, the script `scripts/report_cli.py` transmits the sensitive `FEEDAX_REPORT_API_KEY` over unencrypted HTTP to a hardcoded IP address (http://221.6.15.90:18011), exposing the credential to interception. Additionally, the instructions in `skill.md` direct the AI agent to construct shell commands using potentially unsanitized user input for the `--query` parameter, creating a risk of shell injection. The skill also requires broad file system write access to the user's Desktop (`~/Desktop/舆情分析报告/`) to save generated reports. While these functions are aligned with the stated purpose, the lack of transport encryption and the potential for command injection represent meaningful security risks.
Capability Assessment
Purpose & Capability
Name/description, required binary (python3), and request for a FEEDAX API key align with a report-generation tool that calls an external Feedax API. The code includes area code data and report templates that are coherent with purpose. HOWEVER the implementation hard-codes API_BASE_URL = "http://221.6.15.90:18011" (an IP) rather than using the advertised https://www.feedax.cn or a configurable official domain; this mismatch is unexplained.
Instruction Scope
SKILL.md explicitly says queries and filter parameters will be submitted to the Feedax report API and warns users not to paste sensitive identifiers. The code does send the query/filters to an external endpoint, which is expected, but the endpoint differs (hard-coded IP) and uses plain HTTP. The skill will save full reports to ~/Desktop/舆情分析报告/. The instructions do not explain the IP endpoint or why HTTP is used, and that lack of transparency is a scope/privacy concern.
Install Mechanism
There is no install spec (instruction-only plus included scripts), so nothing is automatically downloaded during install — lower file-write risk. However the bundled script will perform network requests to a hard-coded external IP; no installer mitigates that. No external downloads or obscure installers are present.
Credentials
Requested env var FEEDAX_REPORT_API_KEY (primary credential) is appropriate for an API-based reporting tool; the script also accepts FEEDAX_SEARCH_API_KEY as a fallback. No unrelated secrets or broad credential scopes are requested. Still, a single API key gives the remote endpoint full ability to accept submitted queries and respond with data — coupled with the unexplained IP/HTTP endpoint, that is a privacy risk.
Persistence & Privilege
Skill does not request always:true, has no install hook, and does not modify other skills or system config. It writes reports to a directory under the user's home (~/Desktop/舆情分析报告/) which is expected behavior for a report generator.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install trend-scope - After installation, invoke the skill by name or use
/trend-scope - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
No changes detected in this version.
- No file changes were made between this and the previous version.
v1.0.1
trend-scope v1.0.1
- 环境变量配置改为推荐使用 FEEDAX_REPORT_API_KEY,提升安全性与兼容性,弃用 FEEDAX_SEARCH_API_KEY。
- 更新文档,强调 API Key 配置不应在对话或日志中明文传递,增加隐私与安全防护提醒。
- skill.md 添加 openclaw 兼容 metadata,明确依赖环境和执行要求。
v1.0.0
TrendScope 1.0.0 初始发布
- 全新发布专业舆情趋势洞察技能,根据用户输入自动生成多维度舆情分析报告
- 支持情感分布、地域分布、关键词、媒体分布、时间趋势等丰富分析维度
- 灵活解析用户自然语言实现自动参数提取,精准支持地域、媒体、情感等多种筛选
- 报告摘要智能展示,完整报告自动保存至本地指定目录
- 提供详细CLI参数及分析维度文档,方便用户个性化定制分析需求
Metadata
Frequently Asked Questions
What is Trend Scope?
舆情趋势洞察技能。根据用户需求自动生成专业的舆情分析报告,包含情感分布、地域分布、关键词分析、媒体分布、时间趋势等多维度分析。触发词:舆情、报告、生成报告、舆情报告、分析报告、品牌分析、市场分析、竞品分析、趋势分析。 It is an AI Agent Skill for Claude Code / OpenClaw, with 116 downloads so far.
How do I install Trend Scope?
Run "/install trend-scope" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Trend Scope free?
Yes, Trend Scope is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Trend Scope support?
Trend Scope is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Trend Scope?
It is built and maintained by longGGGGGG (@longgggggg); the current version is v1.0.2.
More Skills