Cls News Scraper
v1.0.0Extract real-time stock-positive market news from Cailian Press filtered by time, sector, and event type for catalyst identification.
⭐ 1· 1.7k·11 current·11 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name and instructions match: the skill says it will pull CLS (Cailian Press) market news and extract catalysts. It does not declare any unrelated binaries, credentials, or system paths. Minor inconsistency: the instructions refer to a "configured endpoint/source" but the skill provides no mechanism (env vars, config paths, or install) for where that endpoint is set.
Instruction Scope
The runtime steps are limited to collecting items, normalizing fields, classifying events, filtering, and outputting rows — all within the stated purpose. However the collection step is underspecified (could be a web-scrape, API call, or other source). That vagueness gives the agent discretion to access arbitrary external endpoints unless the platform or user supplies explicit configuration or constraints.
Install Mechanism
No install spec and no code files — instruction-only. This is low-risk because nothing is written to disk by the skill itself.
Credentials
The skill requests no environment variables or credentials, which is proportionate. One caveat: if the CLS source requires an API key or authenticated access, the SKILL.md does not declare how such credentials would be provided, which is an omission but not necessarily malicious.
Persistence & Privilege
always is false (default) and the skill does not request system-wide changes or persistent installation. The agent may invoke the skill autonomously (platform default), which is expected behavior for skills.
Assessment
This skill appears coherent and low-risk, but it's underspecified. Before installing or enabling it: (1) Ask where and how the "configured endpoint/source" is provided — you should know which URL or API the agent will contact. (2) If the CLS source requires credentials, supply them only through documented, secure env/config mechanisms and verify the skill declares them. (3) Be aware the agent may perform network requests — limit or supervise autonomous runs if you do not want the agent calling external endpoints without oversight. (4) Test the skill in a controlled environment and review any outputs for sensitive data before using them in production. If you need higher assurance, request the skill author to document the exact endpoint, authentication method, and expected data format.Like a lobster shell, security has layers — review code before you run it.
latestvk97as08k2zf3jf502jh1gkp7tx80tjeb
License
MIT-0
Free to use, modify, and redistribute. No attribution required.