扫描报告
5 /100
us-market-briefing
Generate production-ready US pre-market outlooks and post-market recaps in a fixed 3-section format
This is a straightforward US market briefing skill with no malicious indicators. All behavior is well-documented in SKILL.md, including web data collection, cron automation, and local file operations for budget tracking.
可以安装
No action required. The skill is safe to use.
安全发现 2 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 提示 | Allowed-tools not formally declared | SKILL.md:1 |
| 提示 | No dependencies in Python script | scripts/is-us-market-holiday.py:1 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | READ | WRITE | ✓ 一致 | SKILL.md line 82-102: memory/market-briefing-usage.json tracking with documented… |
| 网络访问 | READ | READ | ✓ 一致 | SKILL.md line 53-65: Source Collection Rules explicitly declares web_search and … |
| 命令执行 | NONE | NONE | — | No shell execution found; python3 is called only via subprocess by OpenClab runt… |
| 环境变量 | NONE | NONE | — | No environment variable access observed |
| 技能调用 | READ | READ | ✓ 一致 | SKILL.md line 25-33: cron automation via OpenClab |
目录结构
5 文件 · 9.8 KB · 300 行 Markdown 3f · 255L
Python 1f · 40L
JSON 1f · 5L
├─
▾
references
│ ├─
templates.md
Markdown
│ └─
us-market-holidays-2026.md
Markdown
├─
▾
scripts
│ └─
is-us-market-holiday.py
Python
├─
_meta.json
JSON
└─
SKILL.md
Markdown
安全亮点
✓ No credential harvesting or sensitive path access (~/.ssh, ~/.aws, .env)
✓ No base64 encoded payloads or obfuscated code
✓ No remote script execution (curl|bash, wget|sh)
✓ No direct IP network requests or C2 indicators
✓ All file operations (memory/market-briefing-usage.json) are explicitly documented
✓ Cron automation explicitly restricts to OpenClab only, prohibits system crontab editing
✓ Source code is simple, readable, and performs stated function only
✓ No hidden functionality in HTML comments or documentation
✓ No exfiltration or data POST to external endpoints