Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

US Market Policy Query Skill (美国市场政策查询Skill)

v1.0.0

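Provides intelligent query and analysis of US market policies, regulations, and the investment environment, with multilingual support and flexibly configurable data sources.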

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for yezhaowang888-stack/usa-market-policy-2026.

Install the skill "美国市场政策查询Skill" (yezhaowang888-stack/usa-market-policy-2026) from ClawHub.
Skill page: https://clawhub.ai/yezhaowang888-stack/usa-market-policy-2026
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install usa-market-policy-2026

ClawHub CLI

npx clawhub@latest install usa-market-policy-2026

Security Scan

Capability signals: Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The README and SKILL.md repeatedly claim DeepSeek v4 driving, 惠迈智能体协作, and real-time data collection. The included code (index.js) contains only local, simulated data and has no network calls, no DeepSeek or huimai dependencies, and no code that ingests real data sources. That mismatch between marketing/description and actual capability is an incoherence worth noting.
Instruction Scope
SKILL.md only gives high-level usage and installation instructions (clawhub/npm) and recommends using environment variables for API keys. It does not direct the agent to read unrelated files, exfiltrate data, or call unknown endpoints. However, the instructions are vague about how to wire real data sources and do not show any runtime steps that perform the claimed DeepSeek integration.
Install Mechanism
No install spec in the registry entry; package is standard npm-style with no dependencies and no downloads from external URLs. This is low-risk from an install standpoint.
Credentials
The skill declares no required environment variables or credentials. The README suggests using env vars for optional API keys if you integrate real data sources — that is reasonable and proportionate. Because no credentials are required by default, there's no immediate secret-exfiltration risk in the provided code.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent platform privileges. It does not modify other skills or system settings in the provided code.
What to consider before installing
This package is implemented as a local simulator: index.js returns mocked policies and contains no network calls or dependencies. The red flag is a mismatch between the marketing (DeepSeek v4, 惠迈 agents, real-time data collection) and the actual code. Before installing or providing real API keys:

  1. Confirm the maintainer and a trustworthy homepage/repository (none is provided).
  2. If you expect DeepSeek or huimai integration, ask the author how credentials and network calls are handled, and request code that actually implements those integrations.
  3. Replace placeholder dataSources only after reviewing any external client code they point to.
  4. Run the included tests in an isolated environment to verify behavior.

Given the inconsistency, avoid supplying production API keys or secrets to this package until those questions are resolved.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dry0gpbh3sk3wk14s8pr88d85a90g
72 downloads
0 stars
1 version
Updated 6d ago
v1.0.0
MIT-0

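US Market Policy Query Skill

🚀 Overview

An intelligent policy analysis system based on DeepSeek v4 that provides intelligent query and analysis of US market policies, regulations, and the investment environment.

🌟 Core Highlights

  • DeepSeek v4 driven: uses the latest AI model for intelligent policy analysis and forecasting
  • Huimai (惠迈) agent collaboration: built on Huimai's three-layer agent architecture to ensure data accuracy and timeliness
  • Multilingual support: supports Chinese, English, and other languages
  • Configurable data sources: flexibly configure different data sources to suit various business needs

🔧 Technical Features

Multilingual support

  • Chinese (Simplified)
  • English (US)
  • Automatic language detection and switching

Data source configuration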

{
  dataSources: {
    investment: '[请替换为您的美国投资政策数据源]',
    trade: '[请替换为您的美国贸易法规数据源]',
    // ... other data sources
  }
}

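📦 Installation

# Install via ClawHub
clawhub install usa-policy-query

# Or install manually
npm install usa-policy-query

🔒 Secure Usage Guide

  1. Data source configuration: use environment variables to manage sensitive data source information
  2. API keys: do not write real API keys into code
  3. Access control: configure the minimum necessary permissions for data sources

Support

If you have any questions, please submit an Issue or contact the maintenance team.


Huimai Agents: making global business simple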
