Eternal Daily Briefing
v1.0.0Generate a consolidated daily briefing with weather, calendar events, tasks, news, and market data. Use when the user asks for a morning briefing, daily upda...
⭐ 0· 36·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, SKILL.md, and scripts/briefing.py are consistent: the script fetches weather (wttr.in), news (Google News RSS), market data (via yfinance), and reads local tasks/events files under ~/.briefing. All requested resources map to the stated features.
Instruction Scope
Runtime instructions and the code limit operations to reading/writing ~/.briefing/{config,tasks,events}.json and making network requests to the external services explicitly listed in the README (wttr.in, Google News RSS, Yahoo via yfinance). There are no instructions to read unrelated system files or to post data to unknown endpoints.
Install Mechanism
There is no install spec (instruction-only), so nothing is written to system locations during install — good from a risk perspective. Note: the script imports third-party Python packages (requests, beautifulsoup4/bs4, yfinance) but SKILL.md does not provide explicit dependency/install instructions; this is an operational omission, not a security problem.
Credentials
The skill requests no environment variables or external credentials. It writes a default config to ~/.briefing/config.json and reads tasks/events from the same directory, which is appropriate for its purpose. No tokens or sensitive system credentials are requested.
Persistence & Privilege
always is false and the skill does not request persistent platform privileges. It creates/uses only its own config directory (~/.briefing) and does not modify other skills or system-wide agent settings.
Assessment
This skill appears internally consistent and does what it says: it will create ~/.briefing/config.json (with a default) and read ~/.briefing/tasks.json and events.json, and it will make network requests to wttr.in, Google News RSS, and Yahoo (via yfinance). Before installing/run: (1) review the full script locally (it’s included) to confirm you’re comfortable running code from an unknown source; (2) install the required Python packages (requests, beautifulsoup4, yfinance) in an isolated environment (virtualenv) to avoid polluting your system; (3) if you store sensitive tasks/events, be aware the script reads those files locally but does not transmit them to arbitrary endpoints; and (4) if you plan to run via cron, schedule it under an account with only the permissions you want the skill to have. If you want higher assurance, ask the publisher for a homepage or source repository and a dependency list / installation instructions.Like a lobster shell, security has layers — review code before you run it.
latestvk976m7mwcpqcgef3sepr8bzsj583yhwe
License
MIT-0
Free to use, modify, and redistribute. No attribution required.