ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

卓钢链黑色产研院的早报工具

v1.0.0

期货早报生成工具。用户输入网址或留空默认使用西本资讯,自动抓取当天最新行业要闻早餐,按固定HTML格式输出,包含:整体综述(置顶)、重点关注(3条)、信息速览(行情表格)、宏观要闻(10条+详情)、产业要闻(6条+详情)。触发词:生成早报、期货早报、早间新闻、行业要闻早餐、早班车、卓钢早报。

0· 86·0 current·0 all-time
by@lirenming

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for lirenming/futures-morning-brief.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "卓钢链黑色产研院的早报工具" (lirenming/futures-morning-brief) from ClawHub.
Skill page: https://clawhub.ai/lirenming/futures-morning-brief
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install futures-morning-brief

ClawHub CLI

Package manager switcher

npx clawhub@latest install futures-morning-brief
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, and included files (SKILL.md, template, output-format) match the described purpose: scraping a single provided news page (default steelx2.com) and producing an HTML brief. There are no unrelated required binaries or credentials.
!
Instruction Scope
Runtime instructions explicitly tell the agent to fetch the provided URL (or default steelx2.com), extract many items, save a generated HTML to the user's Desktop, and open a screenshot for verification. The spec also requires the output to omit any source attribution. The provided HTML template contains external links/images (wework.qpic.cn, open.work.weixin.qq.com, etc.) which the user's browser or agent will load when the file is opened — this can leak the user's IP and reveal that the file was opened. The 'do not show sources' requirement is an integrity/ethics concern and may be incompatible with copyright or audit requirements.
Install Mechanism
Instruction-only skill with no install spec and no code files to execute; low installation risk. Nothing will be downloaded/installed by the skill itself according to metadata.
Credentials
No credentials or environment variables are requested, which is proportionate. However, the instructions implicitly require filesystem access (write to Desktop) and network access (HTTP fetches of the provided URL and the template's remote assets). If you intend to run this against internal or authenticated pages, the skill's behavior could leak sensitive content or credentials if the runtime transmits data externally.
Persistence & Privilege
always:false and no special privileges requested. The skill does not request persistent presence or modify other skills' configs according to the manifest.
What to consider before installing
What to consider before installing: - Confirm you are comfortable with the skill saving files to your Desktop and with the agent (runtime) having filesystem write permission. If you run the agent on a shared machine, generated files may be visible to others. - The skill explicitly hides source attribution in every output. That can create copyright, audit, or trust issues — if you need provenance or must keep attribution, do not use this behavior or modify the template/instructions. - The provided HTML template contains external image/link URLs (wework.qpic.cn, open.work.weixin.qq.com, etc.). Opening the generated HTML will cause your browser or agent to contact those servers, which can expose your IP and that you opened the file. Remove or inline external assets if you need privacy, or configure the agent to sanitize/strip remote resources. - Avoid pointing the tool at private/internal URLs or pages requiring authentication unless you understand how the agent handles fetched content and whether outputs will be transmitted off-host. Recommended mitigations: - Inspect and edit assets/template.html to remove or localize external resources before use. - Change the output-format to include source attribution if you require provenance. - Test the skill on a public, non-sensitive URL first to observe behavior. - Ask the maintainer (or provide additional docs) about where the agent runs (local vs. cloud), whether outputs are uploaded automatically, and whether screenshots or generated files are transmitted to external services — this information would increase confidence and could change the verdict to benign.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bfyxge0a0nq6by67vabfzfs84qyc1
86downloads
0stars
1versions
Updated 2w ago
v1.0.0
MIT-0
@lirenming
latest
Download

期货早报生成工具

工作流程

Step 1:获取目标 URL

Step 2:提取页面内容

  • 重点关注:页面中重点关注板块(通常3条,含标题+详情)
  • 行情数据:品种、收盘价、涨跌、幅度
  • 宏观要闻:10条(标题+详情)
  • 产业要闻:6条(标题+详情)

Step 3:生成 HTML 早报

按 eferences/output-format.md 规范输出,保存到用户桌面。

HTML 结构顺序:

  1. 顶部横幅
  2. 整体综述(置顶第一版块)
  3. 重点关注(3条)
  4. 信息速览(四列表格)
  5. 宏观要闻(标题列表+每条标题+内容展开,共10条)
  6. 产业要闻(标题列表+每条标题+内容展开,共6条)
  7. 页脚

全文不显示任何来源说明。

Step 4:验证

打开生成的 HTML 截图确认。

参考资源

  • 格式规范: eferences/output-format.md
  • 原始模版:ssets/template.html

注意事项

  • 默认:西本资讯 steelx2.com,自动获取最新一期早报
  • 表格涨跌:正数红色 rgb(204,0,0);负数绿色 rgb(0,128,0)
  • 宏观/产业要闻:每条新闻标题+内容直接展开,不用折叠/滚动区
  • 产业要闻标题蓝色 rgb(79,129,189);宏观要闻标题棕色 rgb(117,79,68)
  • 主色调:#d2bd8b 金棕色

Comments

Loading comments...