Cue
v1.0.4
AI-powered financial research assistant with "White-Box" evidence engineering. Multi-Agent architecture for automated information collection, verification, a...
⭐ 0 · 598 · 2 current · 2 all-time
by @huhoo
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Verdict: Suspicious (medium confidence)
Purpose & Capability
The code and SKILL.md describe a financial research + monitoring tool that stores data under ~/.cuecue, runs recurring background work, and calls external APIs (cuecue.cn, optional api.tavily.com) — all coherent with its stated purpose. However, the registry metadata shown here lists no required env vars, no persistent storage, and an 'instruction-only' install, which contradicts the included docs/code: they require CUECUE_API_KEY, may use notification channel tokens (FEISHU_*), and include many source files. That metadata mismatch is a meaningful inconsistency.
Instruction Scope
SKILL.md and SECURITY.md explicitly instruct the agent (and user) that the skill will create ~/.cuecue, persist API keys to ~/.cuecue/.env.secure, perform periodic monitoring, and contact external endpoints. Those actions are within scope for a monitoring/research tool. But there are inconsistent statements across files about whether scheduling modifies the system crontab (v1.0.3 did) or uses node-cron internal scheduling (v1.0.4 claims it no longer touches crontab). SKILL.md also warns it 'may reuse OpenClaw channel tokens (FEISHU_*)'; reading or reusing other runtime channel tokens widens the skill's scope and risk and should be explicitly requested and consented to.
Install Mechanism
No install spec is published to the registry (it appears 'instruction-only'), yet the package contains many source files (Node.js project with package.json and package-lock.json). There are no external arbitrary download URLs in the manifest, and dependencies are standard npm packages. This is not high-risk by itself, but the absence of a declared install mechanism + the presence of code files is an inconsistency the user should note.
Credentials
Requiring a service API key (CUECUE_API_KEY) and an optional news API key (TAVILY_API_KEY) is proportional to a research/monitoring skill. Requesting or reusing messaging channel tokens (FEISHU_* or FEISHU_APP_ID/SECRET) is explainable for notifications but broad: those tokens can be used to send messages using other channels and may grant access beyond the skill's scope. Registry metadata not declaring these env vars (while code/docs do) is the main proportionality concern.
Persistence & Privilege
The skill intentionally creates persistent storage (~/.cuecue) and runs recurring background work (monitoring every ~30 minutes). Those are expected for a monitor/research tool, but they increase persistence blast radius. Historical notes in the repository show v1.0.3 previously modified system crontab and wrote to a shared ~/.openclaw/.env (high-risk), and v1.0.4 claims to have fixed these issues (moving to ~/.cuecue/.env.secure, node-cron internal scheduling, file permission hardening). Because those fixes are documented but not independently verified here, the persistent/background behavior remains a risk until validated.
Scan Findings in Context
[[writes_shared_env_file]] unexpected: Earlier versions (v1.0.3) wrote API keys into a shared ~/.openclaw/.env, which is not appropriate for a per-skill research tool. The repo's v1.0.4 documentation claims this was fixed (now writes to ~/.cuecue/.env.secure with 600 permissions). This scan finding would be unexpected for the stated purpose and should be verified absent.
[[cron_modification]] unexpected: Modifying the system crontab is a high-impact action. v1.0.3 did so, but v1.0.4 documents switching to node-cron (internal scheduling). System crontab modification is not necessary for per-user monitoring and would be unexpected without explicit user consent.
[[persistent_storage_declared]] expected: The skill legitimately needs persistent local storage (~/.cuecue) to keep tasks, monitors and logs; declaring and isolating that path is appropriate and is documented.
What to consider before installing
This skill appears to implement the research/monitoring behavior it describes, but the package contains inconsistencies you should resolve before installing:
1) Verify manifest/registry metadata: the registry listing should declare required env vars (CUECUE_API_KEY) and persistent storage (~/.cuecue).
2) Inspect the code (or run it in a sandbox/container) to confirm it does NOT write to any shared config such as ~/.openclaw/.env and that it uses node-cron (internal scheduling), not the system crontab.
3) Provide minimum-privilege API keys (create a read-only or scoped key for CueCue; use an optional test key for Tavily).
4) Do not hand over global channel tokens (FEISHU_*/OpenClaw channel tokens) unless you explicitly intend to receive notifications; prefer creating a dedicated notification webhook/account.
5) Check that ~/.cuecue and its credential file are created with 700/600 permissions, and review the logs.
6) Optionally firewall or restrict outbound access to only the declared endpoints (cuecue.cn, api.tavily.com) while testing.
If you are not comfortable auditing the code yourself, run the skill in an isolated environment (VM/container) and confirm its behavior before granting it persistent credentials on a production machine.
Like a lobster shell, security has layers — review code before you run it.
Tags: ai, finance, financial-analysis, investment, latest, monitoring, research
