Cctv News Fetcher Litiao
v1.0.0Fetch and parse news highlights from CCTV News Broadcast (Xinwen Lianbo) for a given date.
⭐ 0· 128·1 current·1 all-time
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name and description match the included code: scripts/news_crawler.js fetches and parses CCTV news pages for a given date. The dependency on node-html-parser is coherent with HTML parsing. However, SKILL.md requires 'bun' (or node) to run while the registry metadata lists no required binaries — this mismatch should be clarified.
Instruction Scope
SKILL.md instructs the agent to run the included script and parse its JSON output — that stays within the stated purpose. Minor concerns: the instructions reference {baseDir} (placeholder) rather than an absolute/explicit path, and the script extracts and follows URLs found on the CCTV pages using a regex that can capture any http(s) URL. In practice these will usually be CCTV links, but the code could follow external links if present.
Install Mechanism
There is no install spec (instruction-only style) which is low risk. Package.json/package-lock list node-html-parser as a dependency but no installation step is provided; SKILL.md asks the environment to have bun installed. This inconsistency (declared dependencies but no install step) is a maintainability/usability issue rather than clearly malicious.
Credentials
The skill requests no environment variables or credentials (appropriate for a public web scraper). The script does include hard-coded request headers (including a Cookie value and Host) — the Cookie is unnecessary for an ordinary scrape and is unexpected; it doesn't leak local secrets but is unusual and should be explained or removed.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges, modify other skills, or require credential storage. Runtime autonomy (model invocation enabled) is the platform default and not an additional concern here.
What to consider before installing
This skill is mostly coherent with its stated purpose, but take a few precautions before running: 1) Confirm the runtime: SKILL.md asks for 'bun' (or node) though the registry lists no required binaries — install/confirm bun or run with a recent Node that provides fetch. 2) Review or remove the hard-coded Cookie header (cna=...) — it is unnecessary for a simple scrape and unexpected. 3) Run the script in a sandboxed environment (or locally) the first time; the crawler follows URLs found on scraped pages so running in an isolated environment reduces risk if pages contain external links. 4) If you need to install dependencies, run npm/install in a controlled context and inspect package-lock; node-html-parser is a reasonable dependency. If you want me to, I can point out the exact lines to change (e.g., remove the Cookie header) or produce a safer wrapper to validate that fetched URLs are limited to cctv/cntv domains.Like a lobster shell, security has layers — review code before you run it.
latest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
CCTV News Fetcher
This skill allows you to fetch summary titles and content from the CCTV News Broadcast for any specific date.
Usage
You can ask the agent to:
- "Fetch CCTV news for 20250210"
- "Give me the news highlights for yesterday"
Instructions
When the user asks for news from a specific date:
- Format the date as
YYYYMMDD. If the user says "yesterday" or "today", calculate the date relative to the current local time. - Execute the script at
{baseDir}/scripts/news_crawler.jsusingbunornode.- Command:
bun {baseDir}/scripts/news_crawler.js <YYYYMMDD>
- Command:
- Parse the JSON output and summarize it for the user. Group news by "Domestic" and "International" if possible based on titles, or just list the highlights.
Configuration
The skill depends on node-html-parser.
Ensure bun is installed in the environment.
Files
6 totalSelect a file
Select a file to preview.
Comments
Loading comments…