ClawHub

Us Market Briefing 1.0.5

v1.0.0

Generate production-ready US pre-market outlooks and post-market recaps in a fixed 3-section format, and maintain scheduled delivery via cron (pre-market at...

0· 52·1 current·1 all-time
by@nickolaslab
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (US pre/post-market briefings + scheduled delivery) match the runtime instructions. Required artifacts (templates, scheduling, web_search/web_fetch, a workspace JSON usage counter) are appropriate for the stated purpose and nothing requests unrelated capabilities (no cloud creds, no system cron writes).
Instruction Scope
SKILL.md stays within the briefing domain: it mandates web_search/web_fetch against tier-1 outlets, enforces bounded request counts, requires reading/writing a workspace JSON usage file, and instructs use of the platform cron only. It explicitly forbids editing system crontabs or sending fetched content to external endpoints. No instructions ask for unrelated files, secrets, or system-wide config changes.
Install Mechanism
No install spec or code files — instruction-only skill — so nothing is downloaded or written to disk by an installer. This is the lowest-risk install profile.
Credentials
The skill requires no environment variables, credentials, or access to external config paths. The only persistent state is a local workspace memory file (memory/market-briefing-usage.json) used to track monthly request usage, which is proportional to the stated request-budgeting requirement.
Persistence & Privilege
always:false and no elevated privileges requested. The skill intends to create/manage scheduled runs via the platform's cron facility (not system cron) and to store usage data in the workspace sandbox. Autonomous invocation is allowed (platform default) but not combined with 'always:true' or broad credential access.
Assessment
This skill appears functionally coherent and low-risk: it is instruction-only, asks no secrets, and confines persistent state to a workspace JSON counter. Before installing, consider: 1) Source trust — the package has no homepage and the registry metadata vs. _meta.json ownerId differ (minor inconsistency). If provenance matters, verify the author/registry entry. 2) Scheduling behavior — the agent will create platform cron jobs that allow recurring autonomous runs; confirm you are comfortable with the agent scheduling runs and that the OpenClaw cron implementation is trusted. 3) Data handling — the skill will fetch news articles via web_fetch; although it forbids sending fetched content to external webhooks, verify that platform tooling (web_fetch/web_search) and workspace memory meet your privacy requirements. 4) Test in a sandbox workspace first (verify the created cron payloads and the memory/market-briefing-usage.json behavior) and review a sample briefing output before enabling recurring runs or wider access.

Like a lobster shell, security has layers — review code before you run it.

latestvk97af2yarapq254ftdpbkfve5183pfzb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments