Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Custom Morning Brief

v1.0.0

Trigger words: 搜索, search, skill, 优化, 数据, data.

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for horizoncove/yuheng-morning-brief.

Install the skill "Custom Morning Brief" (horizoncove/yuheng-morning-brief) from ClawHub.
Skill page: https://clawhub.ai/horizoncove/yuheng-morning-brief
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install yuheng-morning-brief

ClawHub CLI


npx clawhub@latest install yuheng-morning-brief
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
[!] Purpose & Capability
The SKILL.md describes generating and sending a morning brief to Feishu and pulling data from tianji-data, batch_web_search, hot.md, and USER.md. The registry metadata declares no required environment variables or credentials, yet the described functionality clearly needs API credentials (e.g., Tencent/tianji-data and Feishu) and access to local files. That mismatch (no declared creds/config despite needing them) is incoherent.
[!] Instruction Scope
Instructions explicitly tell the agent to read local files (hot.md, USER.md) and call external data sources, then deliver the briefing to a specific Feishu channel/target (ou_fd61...). Reading a USER.md (likely containing holdings) and sending it offsite is sensitive behavior. The SKILL.md also mandates an automatic daily schedule but provides no safeguard, consent step, or mechanism for authentication — granting broad, under-specified scope.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. That minimizes install-time risk (nothing downloaded or written during install).
[!] Credentials
No environment variables or credentials are declared, yet the skill needs Feishu messaging credentials and likely Tencent/API keys for tianji-data and possibly search APIs. Lack of declared primaryEnv or required secrets is disproportionate and hides the sensitive permissions the skill requires. The hard-coded Feishu target suggests messages will be delivered to a predetermined recipient regardless of the installer.
[!] Persistence & Privilege
The SKILL.md asks for an automated daily run (06:30 each trading day) and unconditional delivery to a specific Feishu target, but the skill metadata does not explain how scheduling or user consent is enforced. While always:false (it won't be force-included), the ability to autonomously send potentially sensitive data on a schedule is a notable privilege if the agent is allowed to invoke the skill without clear user approval.
What to consider before installing
Before installing, verify and control where your data will be read from and sent. Questions to resolve: (1) Where are hot.md and USER.md stored and what sensitive data do they contain? (2) Which credentials (Feishu token, Tencent/tianji-data API key, search API keys) are required and who will supply them — update the skill to declare those env vars explicitly. (3) Why is the Feishu target hard-coded to ou_fd61d5…? If you install, replace the hard-coded recipient with a configurable target or require explicit consent per send. (4) Confirm how the scheduled automatic runs are triggered and require an opt-in. If you cannot verify the destination and required credentials, treat this skill as risky and do not grant agent access to USER.md or production credentials.

latest vk97c0gcpc1edmasx9d9702fw3985ckzx
65 downloads
0 stars
1 version
Updated 4d ago
v1.0.0
MIT-0

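Custom Morning Brief System
================================

Automatically generates a customized daily report every morning and pushes it to Feishu.
Version: 1.0 | 2026-04-03 | Dependencies: tianji-data + batch_web_search + hot.md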


Morning brief content structure

Generated automatically at 06:30 every day and pushed to Feishu before 08:00:

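【Yuheng Morning Brief · YYYY-MM-DD Weekday】

📊 Today's market
Shanghai Composite: XXXX points (±X.XX%)
Shenzhen Component: XXXX points (±X.XX%)
ChiNext: XXXX points (±X.XX%)
Turnover: X.XX trillion
Northbound capital: [inflow/outflow] XX hundred million

🔥 Yesterday's hot sectors
1. [sector name] [+X.XX%] — [core logic]
2. [sector name] [+X.XX%] — [core logic]
3. [sector name] [+X.XX%] — [core logic]

📋 Holdings diagnosis (current)
[stock name] [ticker]: [X × 10,000 shares] | Cost: [¥X] | Current price: [¥X] | Unrealized loss: [¥XXX]

💡 Today's key focus
1. [macro event] — impact on A-shares
2. [industry news] — related sectors
3. [overseas markets] — Nasdaq / Hang Seng / crude oil

🎯 Today's trading suggestion
[buy/sell/wait and see] + specific reasoning

📅 This week's key dates
- Day X: XXXX earnings release
- Day X: XXXX policy meeting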

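Trigger mechanism

Time | Action
Every trading day at 06:30 | Automatically generate the morning brief
Send to | Feishu direct message to the user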

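Data sources

Content | Source
Market index data | tianji-data (Tencent API)
Hot sectors | hot.md, yesterday's records
Holdings diagnosis | USER.md
Macro events | batch_web_search
Overseas markets | Tencent API (Nasdaq futures / Hang Seng Index)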

Configuration

The morning brief is sent to Feishu via the message tool:

channel: feishu
target: ou_fd61d5ebc9af22913aa4c21c8e3cac14
