ccf-events
PassAudited by VirusTotal on May 13, 2026.
Overview
Type: OpenClaw Skill Name: ccf-events Version: 1.1.416 The skill bundle is a comprehensive tool for querying China Computer Federation (CCF) events, certifications, and competitions. It utilizes legitimate CCF API endpoints and provides a well-documented workflow for using Puppeteer to scrape dynamic content from official sites like noi.cn and cspro.org. The included environment detection script (scripts/ensure_puppeteer.js) follows security best practices by emphasizing user consent, avoiding silent installations, and providing manual verification commands rather than executing them automatically. No evidence of data exfiltration, malicious persistence, or harmful prompt injection was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
When invoked, the skill may contact CCF web services to fetch event data.
The skill instructs the agent to make external web requests to CCF endpoints, which is expected for an event-querying skill and is openly documented.
curl -s -X POST "https://conf.ccf.org.cn/conf/v2/index/meeting/list.do" ... -d '{"pageNo":1,"pageSize":50,"signupTimeState":"0","sortType":"0"}'Use it for CCF-related queries and expect network access to the listed CCF domains.
Search terms or interest keywords you provide may be included in requests to CCF resource pages.
User-provided search keywords may be sent to the CCF digital library, but the instructions explicitly require URL encoding and keep the request within the skill's stated purpose.
按用户输入的关键词检索(必须编码) ... --data-urlencode "searWord=${USER_KEYWORD}"Avoid putting private or sensitive personal information into search keywords.
If you run the optional setup commands, npm may install third-party Puppeteer code and related browser tooling.
The package includes optional Puppeteer setup scripts and an npm dependency even though the registry lists no install spec. This is not shown as auto-executed, but users should notice it before running npm setup commands.
"scripts": { "setup:puppeteer": "node scripts/ensure_puppeteer.js --install" }, "dependencies": { "puppeteer": "^24.15.0" }Only run the Puppeteer setup if you need browser automation, and prefer exact pinned installs or reviewed lockfiles.