Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
News Sentiment Scan
v1.0.0舆情监控与情绪分析技能。扫描港股、美股、A股等公司公告、新闻报道、券商研报、社交媒体(微博、雪球等),去噪后进行情绪打分(-10至+10),输出情绪温度计与重大事件清单。触发场景:舆情监控、情绪分析、新闻情绪、社交媒体情绪、上市公司消息面分析、研报解读、"监控XX股票舆情"、"XX新闻情绪如何"。
⭐ 1· 303·2 current·3 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
SKILL.md and the description claim multi-channel collection (公司公告、券商研报、微博、雪球、Google News、Twitter/X 等) and de-noising, but the included script (scripts/sentiment_scan.py) obtains news via yfinance.Ticker only and processes titles; there is no code to fetch from Weibo, Xueqiu, Google News, Twitter/X, regulatory filing APIs, or broker research. The requested/required environment, binaries, and credentials are minimal/none — inconsistent with the claimed multi-source scraping.
Instruction Scope
SKILL.md instructs running the Python script and promises broad scraping/denoising behavior. The script's runtime behavior is limited to fetching news/info via yfinance and performing local text-based sentiment heuristics; it does not read system files, environment variables, or contact hidden endpoints beyond what yfinance uses. The instructions over-promise functionality (social media, research reports, filings, anti-bot/waterarmy filtering) that is not implemented in the code.
Install Mechanism
No install spec is provided (instruction-only + a local script). The Python script depends on standard pip packages (yfinance, pandas) and prints an error instructing the user to pip install them if missing. There are no downloads from arbitrary URLs or archive extraction in the manifest.
Credentials
The skill declares no required environment variables or credentials. That is proportionate to the shipped implementation (yfinance-based). However, SKILL.md claims access to platforms that often require credentials or special handling (Weibo, Xueqiu, Twitter/X), yet no credential fields or scraping instructions are present — this is an omission/inconsistency that may reflect incomplete implementation or misleading documentation.
Persistence & Privilege
The skill does not request persistent presence (always: false) and is user-invocable. It does not modify other skills or system configuration. There is no indication of elevated privileges or automatic always-on behavior.
What to consider before installing
This skill overstates its capabilities: the README promises multi-source scraping and de-noising (Weibo, Xueqiu, Google News, Twitter/X, filings, broker reports) but the included script only uses yfinance to fetch news and runs local keyword/pattern heuristics. Before installing or using: (1) inspect the code yourself or run it in an isolated environment to confirm what networks it contacts (yfinance/Yahoo is the only evident external source); (2) do not assume it collects Weibo/Xueqiu/broker reports—ask the author for the missing implementations or credentials if you need those sources; (3) if you plan to use results for trading, remember it's not financial advice and the heuristic scoring is simplistic; (4) monitor network traffic if you need to verify there are no hidden endpoints; and (5) consider sandboxing or code review before granting broader access or relying on it in production.Like a lobster shell, security has layers — review code before you run it.
latestvk9792b7shwp175y0p4cyayjkpn836xt3
License
MIT-0
Free to use, modify, and redistribute. No attribution required.