← Back to Skills Marketplace
189
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install daily-antifraud-report
Description
每天早上生成反诈简报:查询中国国内银行以及支付机构等反欺诈新闻,需要详细的反诈信息。 Use when: 用户说"生成今日反诈简报",或 cron 在早上 8 点触发。 NOT FOR: 国外银行或金融机构的新闻。
README (SKILL.md)
Daily Anti-Fraud Report
When to Run
- 每天 8:00 AM 通过 cron 触发
- 用户主动说「给我今天的反诈简报」「今天有什么反诈热点」
Workflow
-
查看中国国内的反诈新闻: 查看过去一周的中国国内银行及金融支付机构的反诈新闻(中国新闻网、中国人民银行网站、百度、知乎、微信公众号等)
-
分析发生的具体案例信息: 获取发生时间、具体作案过程、银行名称、涉案金额等。
-
整合输出以下格式,推送飞书
Output Format
- {案例时间}{具体案例过程}{银行名称}{涉案金额}{其他信息}
- ...
Usage Guidance
This skill's goal (daily Chinese anti-fraud brief) is reasonable, but there are important gaps and ambiguities: it mentions scraping WeChat public accounts and pushing reports to Feishu but supplies only a simple Baidu-scraping shell script and declares no credentials. Before installing, ask the publisher to: (1) explain how Feishu posting will be authenticated and add explicit env var names (e.g., FEISHU_TOKEN) if needed; (2) clarify how 微信公众号 content will be accessed (API vs scraping) and provide code or required credentials; (3) add robust scraping/parsing (and rate-limiting and robots.txt/legal checks) rather than brittle HTML greps; (4) fix portability issues (grep -P dependency) or implement a more portable parser. Do not provide production credentials or secrets until integrations and required env vars are explicit and reviewed. If you plan to run it, test in an isolated environment and monitor outbound network activity.
Capability Analysis
Type: OpenClaw Skill
Name: daily-antifraud-report
Version: 1.0.0
The skill is designed to generate anti-fraud reports by scraping Chinese news sites, but it contains a shell injection vulnerability in `scripts/search_cn.sh`. The script passes the `$QUERY` variable directly into a `curl` command without sanitization or proper quoting, which could allow for arbitrary command execution if the input is manipulated. While the workflow in `SKILL.md` aligns with the stated purpose, the lack of input handling in the shell script poses a security risk.
Capability Assessment
Purpose & Capability
The SKILL.md says gather detailed items from sources including 中国新闻网, 人民银行网站, 百度, 知乎, 以及微信公众号 and then push the report to 飞书. The only shipped code is a simple Baidu HTML-scraping script (scripts/search_cn.sh). There is no code or declared env vars to read WeChat public account content or to authenticate/post to Feishu, so required capabilities for the stated workflow are missing.
Instruction Scope
Instructions ask the agent to collect detailed case-level data (times, modus operandi, bank names, amounts) and to push results to Feishu. The SKILL.md grants broad discretion about sources (including 微信公众号) but provides no safe, authenticated mechanisms. The included script only performs an unauthenticated Baidu search and then extracts links/titles; it does not implement the richer data collection or the Feishu push described.
Install Mechanism
No install spec — instruction-only with a small helper script. This is low-risk from an install perspective. Minor portability note: the script uses grep -oP (Perl regex) which is not available in all environments and may fail on some systems.
Credentials
SKILL.md references pushing to Feishu and reading WeChat public accounts, which normally require tokens or API credentials, yet requires.env and primary credential fields are empty. The absence of declared env vars for Feishu/WeChat is an incoherence: either the skill expects credentials to be provided ad-hoc (risk of ad hoc secret entry) or the integration is missing.
Persistence & Privilege
always is false and there are no install scripts or config writes. Autonomous invocation is allowed (platform default) but there is no requested persistent privilege. No evidence the skill modifies other skills or system settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install daily-antifraud-report - After installation, invoke the skill by name or use
/daily-antifraud-report - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of daily-antifraud-report skill:
- Automatically generates a daily anti-fraud news briefing every morning at 8:00 AM or upon user request.
- Focuses exclusively on anti-fraud news related to Chinese domestic banks and payment institutions.
- Gathers and summarizes incident details: date, case process, bank involved, amount, and relevant information.
- Outputs the report in a standardized, structured format for easy distribution.
Metadata
Frequently Asked Questions
What is Daily Antifraud Report?
每天早上生成反诈简报:查询中国国内银行以及支付机构等反欺诈新闻,需要详细的反诈信息。 Use when: 用户说"生成今日反诈简报",或 cron 在早上 8 点触发。 NOT FOR: 国外银行或金融机构的新闻。 It is an AI Agent Skill for Claude Code / OpenClaw, with 189 downloads so far.
How do I install Daily Antifraud Report?
Run "/install daily-antifraud-report" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Daily Antifraud Report free?
Yes, Daily Antifraud Report is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Daily Antifraud Report support?
Daily Antifraud Report is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Daily Antifraud Report?
It is built and maintained by wdl2005 (@wdl2005); the current version is v1.0.0.
More Skills