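📦 AI Search Rank Tracker — AI Search Rank Monitoring
v0.1.0 Continuously tracks whether ChatGPT, Claude, Gemini, and Perplexity recommend a specified startup or brand across a given set of prompts, providing AI search visibility (GEO) monitoring and competitor comparison.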
Last updated
2026/4/21
Security scan
OpenClaw
Suspicious
medium confidence
Assessment recommendations
This skill implements an LLM-based visibility tracker and legitimately needs API keys for the engines it queries (OpenAI, Anthropic, possibly routing proxies). That is proportionate to its purpose, but the registry metadata incorrectly lists no required environment variables — so the install will create/expect a .env file containing your API keys. Before installing: 1) Inspect the .env.example to see what keys are required and do not use high-privilege or shared production credentials; create a ...
ℹ Purpose and capability
Name/description match the included code: dependencies (openai, @anthropic-ai/sdk) and code files indicate the tool queries ChatGPT/OpenAI and Anthropic (Claude). Requesting those SDKs is proportionate to the stated purpose. However, the skill metadata declares no required environment variables or primary credential while the code/output shows it expects API keys (e.g., ANTHROPIC_API_KEY, OpenAI-compatible keys). That mismatch is unexpected and reduces transparency.
ℹ Instruction scope
SKILL.md instructions are straightforward: run the installer and run node src/index.js with a prompts JSON. It tells the user to 'Configure keys in .env' and supports OpenAI/Anthropic/OpenRouter-style setups. The runtime scripts read/write prompts/starter.json and create a .env from .env.example. The instructions do not instruct indiscriminate file reads or network exfiltration beyond calling LLM APIs, but they implicitly rely on secrets in .env that are not listed in the registry metadata.
✓ Install mechanism
No external binary downloads or obscure URLs; install.sh runs npm install and copies .env.example to .env. Dependencies are pulled from npm (openai, @anthropic-ai/sdk, dotenv) which is a standard, traceable mechanism. No high-risk download/extract operations detected in the provided files.
⚠ Credential requirements
The code and outputs show it expects API credentials (Missing ANTHROPIC_API_KEY and OpenAI quota errors). Those credentials are proportionate to purpose (querying LLMs), but the registry metadata lists no required env vars. The missing declaration reduces transparency and could lead users to accidentally provide credentials to a package they didn't realize needed them.
✓ Persistence and privileges
The skill does not request always:true, does not modify other skills or system-wide agent settings, and only creates/updates files within its repo (copies .env.example to .env and optionally edits prompts/starter.json). This behavior is normal for a local tool.
Security is layered; review the code before running.
Runtime dependencies
No special dependencies
Versions
latest v0.1.0 2026/3/15
● Benign
Install command
Official: npx clawhub@latest install ai-search-rank-tracker
Mirror (accelerated): npx clawhub@latest install ai-search-rank-tracker --registry https://cn.longxiaskill.com