Liurun Fetcher
AdvisoryAudited by Static analysis on May 6, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your portfolio holdings or similar personal financial context could be written into local summary files and reused in future outputs without a clear opt-in boundary.
The skill tells the agent to incorporate Trade Arena holdings into generated summaries and save those summaries, but it does not define the data source, user approval step, retention, or redaction rules for that financial context.
3. 对用户的个性化启示(结合Trade Arena持仓等) ... 摘要保存到:`liurun-fetcher/articles/summary_{YYYY-MM-DD}.md`Require explicit user consent before using portfolio data, declare exactly where Trade Arena holdings come from, and avoid saving holdings unless the user asks for that personalization.
The skill may act through your logged-in WeChat browser session to read WeChat article pages.
The skill may use an existing logged-in WeChat browser session to access articles. This is disclosed and purpose-aligned, but it still crosses an account/session boundary.
微信原文需要浏览器已登录微信(或微信文章允许外部访问)
Use a dedicated or low-risk browser profile if possible, and only run the skill when you are comfortable with it accessing WeChat article pages through that session.
Automated browsing may trigger site restrictions or account friction even if the content is public.
The skill explicitly uses browser automation because direct HTTP access is blocked by anti-spider controls. There is no stealth/CAPTCHA bypass code shown, but the user should understand the site-access and account-risk implications.
反爬处理:直接 HTTP 访问搜狗链接会被 antispider 拦截,必须通过浏览器操作
Run it only where this access pattern is acceptable, and avoid unattended high-frequency scraping.
A cron job could continue fetching and saving articles daily until disabled.
The skill recommends persistent scheduled execution. This is consistent with a daily fetcher, but it can keep running after setup if the user forgets about it.
定时任务建议 - 执行时间:每天 10:00 ... 通过 cron 工具设置定时任务
Only create the schedule explicitly, document where it is installed, and provide or keep a clear disable/removal command.