CueCue Deep Research

v1.1.3

专业金融深度研究工具。当用户需要了解市场行情、行业趋势、公司基本面、政策影响、竞品动态、地缘政治风险或任何需要数据支撑的金融分析时，应主动调用此技能。输出结构化、数据驱动的专业研究报告，适用于投资决策、战略规划和市场洞察等场景。

⭐ 2· 2.6k·3 current·4 all-time

by@xfgong

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

medium confidence

✓

Purpose & Capability

Name/description, required binary (node), primary credential (CUECUE_API_KEY), homepage (cuecue.cn), and the declared npm package (@sensedealai/cuecue) all align with a Node CLI that performs financial research. There are no unrelated credentials or unexpected system paths declared.

ℹ

Instruction Scope

Runtime instructions require the agent to exec the 'cue' CLI to run research queries and save Markdown reports to the user's home folder. The skill explicitly requires passing --openclaw-channel and --openclaw-channel-id (the current dialog's channel-id) to the service and disallows sessions_spawn. These behaviors are plausible for a notification/agent-integrated research service but do mean conversation metadata and query text will be sent to the external CueCue service. The SKILL.md does not instruct reading arbitrary local files or other unrelated secrets.

ℹ

Install Mechanism

Installation is via an npm package (@sensedealai/cuecue) which is a reasonable choice for a Node CLI. No arbitrary URL downloads or archive extraction are used. Two identical install entries (npm-global and npm-local) are present — redundant but not inherently malicious. npm install is moderate risk compared with no-installation skills (standard for CLIs).

Credentials

The only required environment variable is CUECUE_API_KEY, which is appropriate. However, the skill requires passing OpenClaw channel name and the current dialog's channel-id to the external service (via CLI flags), and supports a --mimic-url option which may cause the service to fetch or analyze external URLs; both can expose conversation metadata, channel identifiers, and query content to the third-party service. Confirm you trust the service with that context and protect the API key.

✓

Persistence & Privilege

always is false and the skill does not request elevated or global persistence. Installation creates a CLI binary (cue) which is expected behavior for an npm-installed tool. The skill does not modify other skills or system-wide agent settings in the instructions.

Assessment

This skill appears to be what it says: a Node-based CLI wrapper that sends research queries to CueCue and writes Markdown reports to your home folder. Before installing: 1) Verify the npm package @sensedealai/cuecue and its source code or package page to ensure it matches the published project and there are no surprises. 2) Understand that using the skill will send your queries, the current conversation's channel-id/name, and any provided URLs to the external CueCue service — do not pass sensitive or private information you don't want shared. 3) Keep your CUECUE_API_KEY secret and consider using a scoped/limited key if possible. 4) Note the CLI saves files under your home directory — check the paths it will write to and clean up if needed. 5) If you need stronger guarantees, run the CLI in an isolated environment (container/sandbox) and review network traffic or the package source before granting the API key.

Like a lobster shell, security has layers — review code before you run it.

ai-agentsvk973zhf8cbhj8dekka8d64gxkh804qyadata-analysisvk973zhf8cbhj8dekka8d64gxkh804qyafinancial-analysisvk973zhf8cbhj8dekka8d64gxkh804qyalatestvk97e9y50ekhe3vmfg62cm6wn3583ge32report-generationvk973zhf8cbhj8dekka8d64gxkh804qyaresearchvk973zhf8cbhj8dekka8d64gxkh804qya

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔭 Clawdis

OSmacOS · Linux

Binsnode

EnvCUECUE_API_KEY

Primary envCUECUE_API_KEY

Install

Install via npm (global)

Bins: cue

npm i -g @sensedealai/cuecue

Install via npm (local)