report-search
v1.0.0搜索并提取fxbaogao.com上的研报,支持按关键词、机构、作者和时间筛选,并提供报告摘要和正文阅读。
⭐ 0· 275·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description describe searching and extracting reports from fxbaogao.com and the package contains scripts that call fxbaogao APIs and render results. No unrelated binaries, credentials, or services are required by the skill.
Instruction Scope
SKILL.md instructs the agent to run the included search and detail scripts and to prefer summary_sections over dumping full content — this stays within scope. It also instructs operators that they may set FXBAOGAO_SSL_NO_VERIFY=1 to work around local certificate issues; that guidance is explicitly optional but is a potentially dangerous suggestion (disabling SSL verification weakens transport security) and should be used only under careful, temporary conditions.
Install Mechanism
There is no install spec and no external downloads; the skill is delivered as scripts and markdown only. That is low-risk from an install perspective (nothing is written to disk beyond the provided files).
Credentials
The skill declares no required environment variables or credentials. The Python client accepts optional environment variables (FXBAOGAO_BASE_URL, FXBAOGAO_DETAIL_BASE_URL, FXBAOGAO_USER_AGENT, FXBAOGAO_HTTP_TIMEOUT, FXBAOGAO_SSL_NO_VERIFY). Those are reasonable for configuration, but changing BASE_URL could point the scripts at an arbitrary server if a user or operator overrides it — verify the endpoint before running. The skill does not request API keys, tokens, or other secrets.
Persistence & Privilege
always is false and the skill does not request persistent elevated privileges or attempt to modify other skills or global agent configuration. Autonomous invocation is allowed by default (normal) but is not combined with other concerning privileges.
Assessment
This skill appears to be what it says: local Python scripts that query api.fxbaogao.com and fetch report detail pages. Before installing/running: 1) Ensure you are comfortable allowing outbound HTTPS to api.fxbaogao.com and www.fxbaogao.com from the environment that will execute the scripts. 2) The skill does not ask for credentials, but it accepts optional env vars (FXBAOGAO_BASE_URL etc.) — do not set FXBAOGAO_BASE_URL to an unknown host unless you trust it. 3) Avoid setting FXBAOGAO_SSL_NO_VERIFY=1 except as a short-term debug workaround; disabling SSL verification exposes you to man-in-the-middle risk. 4) If you want extra caution, run the included validate.py and inspect fxbaogao_client.py (network code) yourself, or run the scripts in an isolated/containerized environment. 5) If you need the skill to run without external network access, it will not function properly — it requires outbound access to fetch search results and details.Like a lobster shell, security has layers — review code before you run it.
latestvk975xgxqgrhw25t6fpv6nhz5sn82p63h
License
MIT-0
Free to use, modify, and redistribute. No attribution required.