ccf-events
AdvisoryAudited by Static analysis on May 13, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
When invoked, the skill may contact CCF web services to fetch event data.
The skill instructs the agent to make external web requests to CCF endpoints, which is expected for an event-querying skill and is openly documented.
curl -s -X POST "https://conf.ccf.org.cn/conf/v2/index/meeting/list.do" ... -d '{"pageNo":1,"pageSize":50,"signupTimeState":"0","sortType":"0"}'Use it for CCF-related queries and expect network access to the listed CCF domains.
Search terms or interest keywords you provide may be included in requests to CCF resource pages.
User-provided search keywords may be sent to the CCF digital library, but the instructions explicitly require URL encoding and keep the request within the skill's stated purpose.
按用户输入的关键词检索(必须编码) ... --data-urlencode "searWord=${USER_KEYWORD}"Avoid putting private or sensitive personal information into search keywords.
If you run the optional setup commands, npm may install third-party Puppeteer code and related browser tooling.
The package includes optional Puppeteer setup scripts and an npm dependency even though the registry lists no install spec. This is not shown as auto-executed, but users should notice it before running npm setup commands.
"scripts": { "setup:puppeteer": "node scripts/ensure_puppeteer.js --install" }, "dependencies": { "puppeteer": "^24.15.0" }Only run the Puppeteer setup if you need browser automation, and prefer exact pinned installs or reviewed lockfiles.