基金新闻日报 (Fund News Daily)
Pass
Audited by ClawScan on May 1, 2026.
Overview
This skill appears to fetch public fund-news results and generate Word documents, with the main caution being unpinned dependency installation and minor metadata inconsistency.
This skill looks appropriate for public fund-news collection and Word document generation. Before installing, verify the publisher/version and be cautious with the documented npm and pip installs because the dependency versions are not pinned.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing unpinned packages can expose users to dependency changes or supply-chain risk if a package later changes unexpectedly.
The skill documentation instructs installing external packages without pinned versions. This is purpose-aligned for search and Word generation, but users should be aware that package provenance and versions are not locked.
npm install -g mcporter ... pip install python-docx
Install dependencies from trusted package registries, consider pinning known-good versions, and review the package sources if used in a sensitive environment.
Users may have less certainty that the displayed registry metadata and packaged metadata refer to the same exact release.
The embedded metadata differs from the registry metadata provided for this review, which lists a different owner ID and version 1.0.1. This is a provenance/coherence issue, but the artifact behavior itself remains aligned with the stated purpose.
"ownerId": "kn781r78ayncbf9yk6be7z5e5182mmmc", "version": "1.0.0"
Confirm the publisher and version before installation, especially if relying on this skill in a production or compliance-sensitive workflow.
