美股IPO机会扫描
v1.0.0美股IPO机会扫描与早期信号捕获。用于发现美股新股、IPO、直接上市、基金等投资机会。 当用户提到:美股、IPO、新股、上市、new listing、IPO scanner、IPO机会、错过股票、VCX、Fundrise等关键词时触发此技能。 包含三层信号源架构:Layer 1新机会发现、Layer 2起飞信号、...
⭐ 0· 62·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill's name/description match the SKILL.md and references: it lists public RSS feeds, Reddit/Twitter search RSS, Benzinga, Invezz, Nasdaq, etc. There are no unrelated binaries, environment variables, or config paths required. The requested resources are proportionate to an IPO-scanner purpose.
Instruction Scope
Instructions are limited to aggregating and scoring public feeds (RSS, Reddit, Twitter via rss.app, Benzinga). They do not instruct reading local files, secrets, or unrelated system state. However the doc is open-ended about automation and 'push reminders' — implementing that will require connectors/credentials (webhooks, email, Slack, rss.app account, or Twitter APIs) not described here. That ambiguity could cause the agent to request additional access when automating.
Install Mechanism
No install spec and no code files (instruction-only). This is the lowest-risk install profile: nothing is written to disk by the skill itself.
Credentials
The skill declares no required environment variables or credentials, which is consistent with scanning public RSS feeds. Note: if you choose to implement the optional 'automatic radar' or push notifications, you will need to supply third-party credentials (rss.app, webhook/API keys, Twitter/X API access) — those would be expected but are not requested by this skill as-is.
Persistence & Privilege
always is false and the skill does not request persistent system presence or modify other skills. Autonomous invocation is allowed by default but that is normal and not by itself a problem.
Scan Findings in Context
[no-findings] expected: The static regex scanner found nothing to analyze because the skill is instruction-only (no code files). Absence of findings is expected but does not guarantee safety; evaluate runtime integrations before automation.
Assessment
This skill is internally consistent for discovering IPO signals from public sources. Before installing or automating it, consider: (1) The SKILL.md suggests pushing alerts and building an 'automatic radar' — those actions will require third-party accounts/API keys (rss.app, Twitter/X API, Slack/webhook, email) and you should only provide credentials to trusted implementations and store them securely. (2) Validate each RSS endpoint yourself (some sources may rate-limit, require scraping, or change formats). (3) Be cautious about relying on early social signals for trading — they can be noisy and legally sensitive; this skill provides signals, not financial advice. (4) If you later add code to automate scraping or posting, prefer reputable libraries and hostnames (no downloads from untrusted URLs), and audit any code that would write to disk or exfiltrate data. If you want, I can review a proposed automation implementation (scripts, webhooks, or required env vars) to spot any incoherent or risky requests.Like a lobster shell, security has layers — review code before you run it.
latestvk973448b0q060bmn3tm4xs7pr983mp7d
License
MIT-0
Free to use, modify, and redistribute. No attribution required.