Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Finance News Litiao
v1.0.0Market news briefings with AI summaries. Use when asked about stock news, market updates, portfolio performance, morning/evening briefings, financial headlin...
⭐ 0· 126·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims to provide market briefings and message delivery (WhatsApp/Telegram) which aligns with the included scripts and workflows. However the registry metadata declares no required environment variables or credentials while README and SKILL.md expect FINANCE_NEWS_TARGET and FINANCE_NEWS_CHANNEL, and the cron scripts include a hard-coded default FINANCE_NEWS_TARGET value (120363421796203667@g.us). The repo metadata ownerId in _meta.json differs from the registry owner ID shown — possible fork or republish. These mismatches are unexpected and warrant caution before trusting defaults.
Instruction Scope
SKILL.md and README instruct the agent/user to run local CLI, configure cron jobs, and use Lobster/openclaw to send messages. docs/PREMIUM_SOURCES.md explicitly instructs how to export browser session cookies and place them in config/cookies.json for WSJ/Barron's access. That directs the skill (and user) to collect and store highly sensitive authentication cookies and to send briefings automatically to configured channels — scope includes secret handling and outbound delivery beyond simple RSS fetching.
Install Mechanism
There is no install spec in the registry (instruction-only), but the package includes full Python scripts, a Dockerfile, and workflow definitions. No external download URLs or shorteners are used. Building/running the included Docker image executes code from the repo — normal for a packaged skill, but you should review the code before building/running.
Credentials
Registry shows no required env vars, but README/SKILL.md reference FINANCE_NEWS_TARGET and FINANCE_NEWS_CHANNEL (and SKILL_DIR). More importantly, cron scripts default FINANCE_NEWS_TARGET to a specific WhatsApp JID when the env var is unset — meaning the skill will send outputs to that external target unless you explicitly override the env var. The docs also encourage storing browser session cookies (sensitive secrets) locally for premium sources. Requesting/storing cookies is explainable for premium content, but it's sensitive and not declared in registry metadata.
Persistence & Privilege
The skill is not force-installed (always: false) and not explicitly granted extra platform privileges, but it includes cron scripts and Lobster workflows that, if enabled, will schedule automated briefings and alerts. Combined with the hard-coded default target, this creates a realistic risk of automated outbound messages (including potentially confidential portfolio summaries) being sent to an external group unless the user overrides configuration. Autonomous invocation by the agent is allowed by default (normal), which increases blast radius if misconfigured.
Scan Findings in Context
[hardcoded.FINANCE_NEWS_TARGET.default] unexpected: cron scripts set FINANCE_NEWS_TARGET default to 120363421796203667@g.us. A delivery target defaulting to an external group is not expected and could cause automatic data disclosure if env vars are not set.
[docs.premium_cookies_instructions] expected: The docs intentionally describe how to export and store browser session cookies for premium sources; this is functionally explainable (to bypass paywalls) but involves storing highly sensitive session cookies which must be treated like passwords and are risky.
[metadata.owner_mismatch] unexpected: Owner ID in _meta.json differs from registry ownerId. This could indicate a fork/republish or packaging inconsistency and is worth verifying with the publisher.
What to consider before installing
What to check before installing or running this skill:
- Do not run any cron or workflow until you confirm delivery targets. The cron scripts default to sending messages to a specific WhatsApp JID (120363421796203667@g.us) if FINANCE_NEWS_TARGET is not set; explicitly set FINANCE_NEWS_TARGET and FINANCE_NEWS_CHANNEL to your intended destination before enabling scheduled jobs.
- Treat cookies.json and any exported browser session cookies as secrets. The docs show how to export WSJ/Barron's session cookies and put them in config/cookies.json; avoid doing this unless you understand the security and legal implications (cookies grant full account access). Prefer free RSS sources unless you must access premium content.
- The registry metadata lists no required env vars but the code/docs use FINANCE_NEWS_TARGET, FINANCE_NEWS_CHANNEL, and SKILL_DIR — update your environment deliberately and review scripts/workflows to ensure no unintended recipients or network endpoints are used.
- Review workflows (workflows/*.yaml), cron scripts (cron/*.sh), and any send logic in scripts/ before building Docker or running CLI. Confirm where messages are sent (openclaw/lobster calls) and verify those tooling configurations.
- If unsure, run the skill in an isolated environment (local container with no network access or with blocked outgoing connections) while you audit it. Consider forking and removing/blanking the hard-coded default target and removing or disabling the premium-cookies guidance before using.
- Verify the publisher/owner identity (ownerId mismatch in metadata) and prefer published skills from known/trusted maintainers. If you proceed, keep the principle of least privilege: do not supply credentials/cookies you are not willing to lose control over, and do not enable automated sends until you have confirmed correct targets.Like a lobster shell, security has layers — review code before you run it.
latestvk97fbs4m3yzq49acfqkh9pp5h9832e67
License
MIT-0
Free to use, modify, and redistribute. No attribution required.