Geopolitical Monitor
AdvisoryAudited by VirusTotal on Mar 23, 2026.
Overview
Type: OpenClaw Skill Name: geopolitical-monitor Version: 1.0.0 The geopolitical-monitor skill is a legitimate tool designed to analyze news for stock market impacts. The Python script (geopolitical_rss_monitor.py) uses hardcoded mock news data and keyword matching to generate investment reports, which are then saved to a local directory (~/shared_memory/geopolitical/). There is no evidence of data exfiltration, unauthorized network access, or malicious execution; the code is transparent and aligns perfectly with the documentation in SKILL.md.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could mistakenly rely on demo/sample news and sector rankings as current market analysis.
The code clearly indicates that the current report is based on simulated news, despite the skill being framed as a geopolitical monitoring and investment-reporting tool.
print(f"📊 获取到 {len(MOCK_NEWS)} 条相关新闻(模拟数据)")Treat the output as a demonstration unless you connect and verify real news sources; do not make investment decisions from the mock report.
Generated reports may remain available to later sessions or workflows, though the artifacts only show public/mock news and analysis being stored.
The script creates a persistent shared-memory-style directory and saves generated reports there.
DATA_DIR = Path.home() / "shared_memory" / "geopolitical" ... json.dump(report, f, ensure_ascii=False, indent=2)
Review or delete `~/shared_memory/geopolitical/` if you do not want these reports retained, or change `DATA_DIR` to a less shared location.
The user may install an unnecessary package from an external package index.
The documentation asks the user to install an unpinned external Python package, even though the included script does not currently import it.
pip3 install requests
Only install dependencies from trusted sources, consider pinning versions, and skip `requests` unless you add real RSS/API fetching that needs it.