ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Finance News Litiao

v1.0.0

Market news briefings with AI summaries. Use when asked about stock news, market updates, portfolio performance, morning/evening briefings, financial headlin...

0· 229·2 current·2 all-time
by@litiao1224

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for litiao1224/finance-news-litiao.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Finance News Litiao" (litiao1224/finance-news-litiao) from ClawHub.
Skill page: https://clawhub.ai/litiao1224/finance-news-litiao
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install finance-news-litiao

ClawHub CLI

Package manager switcher

npx clawhub@latest install finance-news-litiao
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to provide market briefings and message delivery (WhatsApp/Telegram) which aligns with the included scripts and workflows. However the registry metadata declares no required environment variables or credentials while README and SKILL.md expect FINANCE_NEWS_TARGET and FINANCE_NEWS_CHANNEL, and the cron scripts include a hard-coded default FINANCE_NEWS_TARGET value (120363421796203667@g.us). The repo metadata ownerId in _meta.json differs from the registry owner ID shown — possible fork or republish. These mismatches are unexpected and warrant caution before trusting defaults.
!
Instruction Scope
SKILL.md and README instruct the agent/user to run local CLI, configure cron jobs, and use Lobster/openclaw to send messages. docs/PREMIUM_SOURCES.md explicitly instructs how to export browser session cookies and place them in config/cookies.json for WSJ/Barron's access. That directs the skill (and user) to collect and store highly sensitive authentication cookies and to send briefings automatically to configured channels — scope includes secret handling and outbound delivery beyond simple RSS fetching.
Install Mechanism
There is no install spec in the registry (instruction-only), but the package includes full Python scripts, a Dockerfile, and workflow definitions. No external download URLs or shorteners are used. Building/running the included Docker image executes code from the repo — normal for a packaged skill, but you should review the code before building/running.
!
Credentials
Registry shows no required env vars, but README/SKILL.md reference FINANCE_NEWS_TARGET and FINANCE_NEWS_CHANNEL (and SKILL_DIR). More importantly, cron scripts default FINANCE_NEWS_TARGET to a specific WhatsApp JID when the env var is unset — meaning the skill will send outputs to that external target unless you explicitly override the env var. The docs also encourage storing browser session cookies (sensitive secrets) locally for premium sources. Requesting/storing cookies is explainable for premium content, but it's sensitive and not declared in registry metadata.
!
Persistence & Privilege
The skill is not force-installed (always: false) and not explicitly granted extra platform privileges, but it includes cron scripts and Lobster workflows that, if enabled, will schedule automated briefings and alerts. Combined with the hard-coded default target, this creates a realistic risk of automated outbound messages (including potentially confidential portfolio summaries) being sent to an external group unless the user overrides configuration. Autonomous invocation by the agent is allowed by default (normal), which increases blast radius if misconfigured.
Scan Findings in Context
[hardcoded.FINANCE_NEWS_TARGET.default] unexpected: cron scripts set FINANCE_NEWS_TARGET default to 120363421796203667@g.us. A delivery target defaulting to an external group is not expected and could cause automatic data disclosure if env vars are not set.
[docs.premium_cookies_instructions] expected: The docs intentionally describe how to export and store browser session cookies for premium sources; this is functionally explainable (to bypass paywalls) but involves storing highly sensitive session cookies which must be treated like passwords and are risky.
[metadata.owner_mismatch] unexpected: Owner ID in _meta.json differs from registry ownerId. This could indicate a fork/republish or packaging inconsistency and is worth verifying with the publisher.
What to consider before installing
What to check before installing or running this skill: - Do not run any cron or workflow until you confirm delivery targets. The cron scripts default to sending messages to a specific WhatsApp JID (120363421796203667@g.us) if FINANCE_NEWS_TARGET is not set; explicitly set FINANCE_NEWS_TARGET and FINANCE_NEWS_CHANNEL to your intended destination before enabling scheduled jobs. - Treat cookies.json and any exported browser session cookies as secrets. The docs show how to export WSJ/Barron's session cookies and put them in config/cookies.json; avoid doing this unless you understand the security and legal implications (cookies grant full account access). Prefer free RSS sources unless you must access premium content. - The registry metadata lists no required env vars but the code/docs use FINANCE_NEWS_TARGET, FINANCE_NEWS_CHANNEL, and SKILL_DIR — update your environment deliberately and review scripts/workflows to ensure no unintended recipients or network endpoints are used. - Review workflows (workflows/*.yaml), cron scripts (cron/*.sh), and any send logic in scripts/ before building Docker or running CLI. Confirm where messages are sent (openclaw/lobster calls) and verify those tooling configurations. - If unsure, run the skill in an isolated environment (local container with no network access or with blocked outgoing connections) while you audit it. Consider forking and removing/blanking the hard-coded default target and removing or disabling the premium-cookies guidance before using. - Verify the publisher/owner identity (ownerId mismatch in metadata) and prefer published skills from known/trusted maintainers. If you proceed, keep the principle of least privilege: do not supply credentials/cookies you are not willing to lose control over, and do not enable automated sends until you have confirmed correct targets.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fbs4m3yzq49acfqkh9pp5h9832e67
229downloads
0stars
1versions
Updated 23h ago
v1.0.0
MIT-0
@litiao1224
latest
Download

Finance News Skill

AI-powered market news briefings with configurable language output and automated delivery.

First-Time Setup

Run the interactive setup wizard to configure your sources, delivery channels, and schedule:

finance-news setup

The wizard will guide you through:

  • 📰 RSS Feeds: Enable/disable WSJ, Barron's, CNBC, Yahoo, etc.
  • 📊 Markets: Choose regions (US, Europe, Japan, Asia)
  • 📤 Delivery: Configure WhatsApp/Telegram group
  • 🌐 Language: Set default language (English/German)
  • Schedule: Configure morning/evening cron times

You can also configure specific sections:

finance-news setup --section feeds     # Just RSS feeds
finance-news setup --section delivery  # Just delivery channels
finance-news setup --section schedule  # Just cron schedule
finance-news setup --reset             # Reset to defaults
finance-news config                    # Show current config

Quick Start

# Generate morning briefing
finance-news briefing --morning

# View market overview
finance-news market

# Get news for your portfolio
finance-news portfolio

# Get news for specific stock
finance-news news AAPL

Features

📊 Market Coverage

  • US Markets: S&P 500, Dow Jones, NASDAQ
  • Europe: DAX, STOXX 50, FTSE 100
  • Japan: Nikkei 225

📰 News Sources

  • Premium: WSJ, Barron's (RSS feeds)
  • Free: CNBC, Yahoo Finance, Finnhub
  • Portfolio: Ticker-specific news from Yahoo

🤖 AI Summaries

  • Gemini-powered analysis
  • Configurable language (English/German)
  • Briefing styles: summary, analysis, headlines

📅 Automated Briefings

  • Morning: 6:30 AM PT (US market open)
  • Evening: 1:00 PM PT (US market close)
  • Delivery: WhatsApp (configure group in cron scripts)

Commands

Briefing Generation

# Morning briefing (English is default)
finance-news briefing --morning

# Evening briefing with WhatsApp delivery
finance-news briefing --evening --send --group "Market Briefing"

# German language option
finance-news briefing --morning --lang de

# Analysis style (more detailed)
finance-news briefing --style analysis

Market Data

# Market overview (indices + top headlines)
finance-news market

# JSON output for processing
finance-news market --json

Portfolio Management

# List portfolio
finance-news portfolio-list

# Add stock
finance-news portfolio-add NVDA --name "NVIDIA Corporation" --category Tech

# Remove stock
finance-news portfolio-remove TSLA

# Import from CSV
finance-news portfolio-import ~/my_stocks.csv

# Interactive portfolio creation
finance-news portfolio-create

Ticker News

# News for specific stock
finance-news news AAPL
finance-news news TSLA

Configuration

Portfolio CSV Format

Location: ~/clawd/skills/finance-news/config/portfolio.csv

symbol,name,category,notes
AAPL,Apple Inc.,Tech,Core holding
NVDA,NVIDIA Corporation,Tech,AI play
MSFT,Microsoft Corporation,Tech,

Sources Configuration

Location: ~/clawd/skills/finance-news/config/config.json (legacy fallback: config/sources.json)

  • RSS feeds for WSJ, Barron's, CNBC, Yahoo
  • Market indices by region
  • Language settings

Cron Jobs

Setup via OpenClaw

# Add morning briefing cron job
openclaw cron add --schedule "30 6 * * 1-5" \
  --timezone "America/Los_Angeles" \
  --command "bash ~/clawd/skills/finance-news/cron/morning.sh"

# Add evening briefing cron job
openclaw cron add --schedule "0 13 * * 1-5" \
  --timezone "America/Los_Angeles" \
  --command "bash ~/clawd/skills/finance-news/cron/evening.sh"

Manual Cron (crontab)

# Morning briefing (6:30 AM PT, weekdays)
30 6 * * 1-5 bash ~/clawd/skills/finance-news/cron/morning.sh

# Evening briefing (1:00 PM PT, weekdays)
0 13 * * 1-5 bash ~/clawd/skills/finance-news/cron/evening.sh

Sample Output

🌅 **Börsen-Morgen-Briefing**
Dienstag, 21. Januar 2026 | 06:30 Uhr

📊 **Märkte**
• S&P 500: 5.234 (+0,3%)
• DAX: 16.890 (-0,1%)
• Nikkei: 35.678 (+0,5%)

📈 **Dein Portfolio**
• AAPL $256 (+1,2%) — iPhone-Verkäufe übertreffen Erwartungen
• NVDA $512 (+3,4%) — KI-Chip-Nachfrage steigt

🔥 **Top Stories**
• [WSJ] Fed signalisiert mögliche Zinssenkung im März
• [CNBC] Tech-Sektor führt Rally an

🤖 **Analyse**
Der S&P zeigt Stärke. Dein Portfolio profitiert von NVDA's 
Momentum. Fed-Kommentare könnten Volatilität auslösen.

Integration

With OpenBB (existing skill)

# Get detailed quote, then news
openbb-quote AAPL && finance-news news AAPL

With OpenClaw Agent

The agent will automatically use this skill when asked about:

  • "What's the market doing?"
  • "News for my portfolio"
  • "Generate morning briefing"
  • "What's happening with AAPL?"

With Lobster (Workflow Engine)

Run briefings via Lobster for approval gates and resumability:

# Run with approval before WhatsApp send
lobster "workflows.run --file workflows/briefing.yaml"

# With custom args
lobster "workflows.run --file workflows/briefing.yaml --args-json '{\"time\":\"evening\",\"lang\":\"en\"}'"

See workflows/README.md for full documentation.

Files

skills/finance-news/
├── SKILL.md              # This documentation
├── Dockerfile            # NixOS-compatible container
├── config/
│   ├── portfolio.csv     # Your watchlist
│   ├── config.json       # RSS/API/language configuration
│   ├── alerts.json       # Price target alerts
│   └── manual_earnings.json  # Earnings calendar overrides
├── scripts/
│   ├── finance-news      # Main CLI
│   ├── briefing.py       # Briefing generator
│   ├── fetch_news.py     # News aggregator
│   ├── portfolio.py      # Portfolio CRUD
│   ├── summarize.py      # AI summarization
│   ├── alerts.py         # Price alert management
│   ├── earnings.py       # Earnings calendar
│   ├── ranking.py        # Headline ranking
│   └── stocks.py         # Stock management
├── workflows/
│   ├── briefing.yaml     # Lobster workflow with approval gate
│   └── README.md         # Workflow documentation
├── cron/
│   ├── morning.sh        # Morning cron (Docker-based)
│   └── evening.sh        # Evening cron (Docker-based)
└── cache/                # 15-minute news cache

Dependencies

  • Python 3.10+
  • feedparser (pip install feedparser)
  • Gemini CLI (brew install gemini-cli)
  • OpenBB (existing openbb-quote wrapper)
  • OpenClaw message tool (for WhatsApp delivery)

Troubleshooting

Gemini not working

# Authenticate Gemini
gemini  # Follow login flow

RSS feeds timing out

  • Check network connectivity
  • WSJ/Barron's may require subscription cookies for some content
  • Free feeds (CNBC, Yahoo) should always work

WhatsApp delivery failing

  • Verify WhatsApp group exists and bot has access
  • Check openclaw doctor for WhatsApp status

Comments

Loading comments...