ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Hotnews Excel

v1.0.0

当用户发送热点新闻Excel文件时,自动:。触发词:skill, 优化, 数据, data。

0· 62·0 current·0 all-time
by@horizoncove

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for horizoncove/yuheng-hotnews-excel.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Hotnews Excel" (horizoncove/yuheng-hotnews-excel) from ClawHub.
Skill page: https://clawhub.ai/horizoncove/yuheng-hotnews-excel
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install yuheng-hotnews-excel

ClawHub CLI

Package manager switcher

npx clawhub@latest install yuheng-hotnews-excel
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the expected behavior (parse Excel, extract summaries, save JSON). However the SKILL.md assumes a local script at /workspace/scripts/read_hotnews.py and specific directories under /workspace which are not provided by the skill bundle, creating a gap between claimed capability and what is actually available.
!
Instruction Scope
Instructions tell the agent to execute a Python script (python3 /workspace/scripts/read_hotnews.py), read and write files under /workspace/data and /workspace/logs, and install a cron job. The skill bundle contains no code, so the agent would rely on existing local files. These instructions allow filesystem modification and persistent scheduling and are not constrained or validated in the SKILL.md.
Install Mechanism
There is no install spec (instruction-only), so nothing will be written by the installer — lower installation risk — but that also means required runtime scripts must already exist on the host. The skill's behavior therefore depends on external, unbundled code.
!
Credentials
The skill declares no environment variables or credentials, which is coherent, but it requires read/write access to /workspace paths and suggests adding a cron entry. Those filesystem and scheduling accesses are effectively elevated capabilities and are not documented as required configuration.
!
Persistence & Privilege
The SKILL.md recommends creating a cron job to run daily, which creates persistent behavior outside single invocations. Although always:false and autonomous invocation are default, the combination of autonomous execution plus an instruction to install a cron job increases the potential blast radius if the underlying script is untrusted.
What to consider before installing
Before installing or enabling this skill, verify the following: (1) The referenced script /workspace/scripts/read_hotnews.py actually exists and inspect its source — the skill package contains no code. (2) Confirm you are comfortable with the skill reading and writing files under /workspace (e.g., /workspace/data, /workspace/logs) and that no sensitive data is stored there. (3) Do not allow the agent to autonomously add system cron jobs unless you have reviewed the scheduled command and its permissions; prefer manual scheduling or a containerized sandbox. (4) Ensure the Excel parsing code safely handles untrusted files (avoid XML/zip parsing vulnerabilities). If you cannot review the script or restrict filesystem/crontab access, treat this skill as risky.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d09zd7q54pa3dqx344dbxex85dj9p
62downloads
0stars
1versions
Updated 5d ago
v1.0.0
MIT-0
@horizoncove
latest
Download

SKILL: 热点新闻Excel处理

功能

当用户发送热点新闻Excel文件时,自动:

  1. 解析Excel文件(按Sheet分类)
  2. 提取热点内容并总结
  3. 保存完整数据到 /workspace/data/hotnews_YYYY-MM-DD.json
  4. 提供分类热点汇总

触发条件

  • 用户发送 .xlsx 文件且文件名包含"热点"

执行流程

步骤1: 解析Excel

python3 /workspace/scripts/read_hotnews.py

步骤2: 读取数据

# 读取保存的JSON
with open('/workspace/data/hotnews_YYYY-MM-DD.json', 'r') as f:
    data = json.load(f)

步骤3: 分类汇总

按Sheet分类输出:

  • 其他: 84条
  • 国际: 191条
  • 市场: 66条
  • 公司: 38条
  • 观点: 15条
  • A股: 6条
  • 宏观: 11条
  • 数据: 4条
  • 央行: 4条

步骤4: 提取重点

识别关键热点:

  • 中东局势/伊朗
  • 能源/油价
  • A股市场
  • 国内宏观
  • 国际关系

输出格式

简要版

## 热点汇总 (YYYY-MM-DD)

### 重点
- 热点1
- 热点2

### 详细分类
[按Sheet分类列出]

完整版

保存到: /workspace/data/hotnews_YYYY-MM-DD.json

定时任务

配置cron每天早上8点检查并处理:

# 每天8点自动处理昨日热点
0 8 * * * cd /workspace && python3 scripts/read_hotnews.py >> /workspace/logs/hotnews.log 2>&1

依赖

  • Python: zipfile, xml.etree.ElementTree, json
  • 输入: Excel (.xlsx)
  • 输出: JSON + Markdown汇总

Comments

Loading comments...