Scan Report
15 /100
macro-news-signal
Macro News Signal is an intelligent market analysis skill that transforms real-time global news and key macro indicators into actionable investment insights.
This is a pure documentation-based market analysis skill with no executable code, scripts, or dangerous capabilities. The only concern is a hardcoded Chrome version string that was flagged as an IP address.
Safe to install
This skill is safe to use. The only action item is to clarify that '146.0.0.0' in the User-Agent is a Chrome version number, not an IP address.
Findings 2 items
| Severity | Finding | Location |
|---|---|---|
| Info | Chrome version misidentified as IP address Doc Mismatch | README.md:44 |
| Low | No allowed-tools declaration Doc Mismatch | SKILL.md:1 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file operations in documentation |
| Network | NONE | READ | ✓ Aligned | references/news_apis.md documents RSS feeds and APIs |
| Shell | NONE | NONE | — | No shell execution documented |
| Environment | NONE | NONE | — | No environment variable access |
| Skill Invoke | NONE | NONE | — | No skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | READ | ✓ Aligned | SKILL.md mentions agent-browser skill for dynamic access |
| Database | NONE | NONE | — | No database access |
1 High 15 findings
High IP Address 硬编码 IP 地址
146.0.0.0 README.md:44 Medium External URL 外部 URL
https://bbg.buzzing.cc/feed.json references/news_apis.md:9 Medium External URL 外部 URL
https://feeds.bloomberg.com/markets/news.rss references/news_apis.md:10 Medium External URL 外部 URL
https://www.cnbc.com/id/100003114/device/rss/rss.html references/news_apis.md:11 Medium External URL 外部 URL
https://www.ft.com/rss/home references/news_apis.md:12 Medium External URL 外部 URL
https://feeds.a.dj.com/rss/RSSMarketsMain.xml references/news_apis.md:13 Medium External URL 外部 URL
https://www.economist.com/finance-and-economics/rss.xml references/news_apis.md:14 Medium External URL 外部 URL
http://rss.spriple.org/zaobao/realtime/world references/news_apis.md:15 Medium External URL 外部 URL
https://rss.spriple.org/10jqka/realtimenews references/news_apis.md:16 Medium External URL 外部 URL
https://app.folo.is/share/feeds/70844804758158336 references/news_apis.md:19 Medium External URL 外部 URL
https://docs.rsshub.app/zh/guide/instances references/news_apis.md:20 Medium External URL 外部 URL
https://www.federalreserve.gov/feeds/press_all.xml references/news_apis.md:26 Medium External URL 外部 URL
https://www.bankofengland.co.uk/rss references/news_apis.md:27 Medium External URL 外部 URL
https://quote.cnbc.com/quote-html-webservice/restQuote/symbolType/symbol?symbols=US10YTIP&requestMethod=itv&noform=1&par... references/news_apis.md:33 Medium External URL 外部 URL
https://quote.cnbc.com/quote-html-webservice/restQuote/symbolType/symbol?symbols=.DXY&requestMethod=itv&noform=1&partner... references/news_apis.md:34 File Tree
5 files · 17.4 KB · 392 lines Markdown 5f · 392L
├─
▾
references
│ ├─
data_schema.md
Markdown
│ └─
news_apis.md
Markdown
├─
README_zh-CN.md
Markdown
├─
README.md
Markdown
└─
SKILL.md
Markdown
Security Positives
✓ No executable code or scripts - pure documentation skill
✓ No credential theft or sensitive data access
✓ No base64 encoding or obfuscation techniques
✓ No C2 communication or data exfiltration
✓ No reverse shell or remote code execution
✓ External network access limited to legitimate financial news sources (Bloomberg, CNBC, FT, Fed)
✓ References to agent-browser skill for dynamic web access are appropriate for news scraping use case
✓ Respects robots.txt as mentioned in documentation
✓ Uses proper curl headers with User-Agent for API requests