← 返回 Skills 市场
337
总下载
0
收藏
0
当前安装
4
版本数
在 OpenClaw 中安装
/install news-impact-analyzer
功能描述
Input news text and use an LLM to analyze its impact on stock market sectors and concepts (bullish/bearish/neutral) along with the underlying logic.
安全使用建议
Before installing or running this skill:
- Treat the EASYALPHA_API_KEY as sensitive. The bundled script will send that key and the full news text to a remote server (default: https://easyalpha.duckdns.org). Only use a key you are willing to expose to that host.
- The default backend is a duckdns domain with no homepage or known publisher—verify the server operator and privacy policy. If you cannot verify it, do not use your real API key.
- The code reads NEWS_EXTRACTOR_SERVER_URL and ALLOW_INSECURE_SSL even though those were not declared in the manifest; set NEWS_EXTRACTOR_SERVER_URL to a trusted endpoint if you run your own analysis service.
- By default the script disables SSL certificate validation unless ALLOW_INSECURE_SSL='false' is set. That makes connections vulnerable to MITM attacks—set ALLOW_INSECURE_SSL='false' to enforce certificate validation or avoid using the default host.
- If you need to use this skill but want stronger assurance: host the analysis backend yourself (set NEWS_EXTRACTOR_SERVER_URL to your server), inspect the backend code, or ask the publisher for code provenance and a canonical release (the package currently lacks a verified homepage/owner).
Given the unclear ownership and the fact the script will transmit secrets to a third party with insecure defaults, proceed only after verifying the server and adjusting environment defaults; otherwise consider the skill suspicious and avoid using real credentials.
功能分析
Type: OpenClaw Skill
Name: news-impact-analyzer
Version: 1.0.3
The skill sends a user-provided API key and news content to a remote server hosted on a dynamic DNS provider (easyalpha.duckdns.org). Most importantly, scripts/analyze_news.js explicitly disables SSL certificate verification by default (rejectUnauthorized: false), which exposes the authentication token and news data to interception via Man-in-the-Middle (MitM) attacks. While the code lacks clear evidence of intentional malice, this default configuration is a critical security vulnerability.
能力评估
Purpose & Capability
The skill's name/description (an LLM-based news→market-impact analyzer) aligns with the code: the Node script POSTs news text to a remote analysis backend and returns results. However the manifest only declares EASYALPHA_API_KEY while the runtime uses an additional NEWS_EXTRACTOR_SERVER_URL (defaulting to https://easyalpha.duckdns.org) and instructs users to register at that domain. The use of a duckdns host and lack of a homepage or known publisher is unexpected for a public service and should be validated.
Instruction Scope
The SKILL.md instructs the agent to run the bundled script which will transmit the full news text and the EASYALPHA_API_KEY to the configured remote server (/api/v1/analyze). The instructions do not declare all environment variables the script reads (NEWS_EXTRACTOR_SERVER_URL, ALLOW_INSECURE_SSL) and do not warn about privacy/ownership of the target server. Transmitting a secret API key and arbitrary text to an external server is within the described functionality but deserves explicit disclosure and provenance.
Install Mechanism
No install spec; this is an instruction-only skill with a single Node.js script and no npm dependencies. Nothing is downloaded or extracted at install time.
Credentials
The registry declares only EASYALPHA_API_KEY, but the script also accepts NEWS_EXTRACTOR_SERVER_URL and ALLOW_INSECURE_SSL from the environment. The script sends the EASYALPHA_API_KEY in both an X-EasyAlpha-API-Key header and an Authorization: Bearer header to the remote host. Requiring a single API key could be proportionate, but (a) the destination server is a duckdns host by default, (b) the manifest/instructions omit some env vars the code uses, and (c) the key will be transmitted to an externally hosted service of unclear provenance—raising risk of key exfiltration.
Persistence & Privilege
The skill does not request persistent or elevated platform privileges (always is false). It only runs a script and does not attempt to modify other skills or system configuration.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install news-impact-analyzer - 安装完成后,直接呼叫该 Skill 的名称或使用
/news-impact-analyzer触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.3
update interface to support markdown output
v1.0.2
- No changes detected in this version; documentation and functionality remain unchanged.
v1.0.1
- No changes detected in this version; existing functionality and documentation remain the same.
v1.0.0
- Initial release of News Impact Analyzer.
- Analyze news text to determine impact on stock market sectors and concepts (bullish, bearish, or neutral).
- Utilizes Large Language Models for extracting sector impact and underlying analysis logic.
- Pure Node.js client with zero local dependencies; no npm install required.
- Communicates with a remote FastAPI backend for LLM analysis.
- Requires EASYALPHA_API_KEY and configurable NEWS_EXTRACTOR_SERVER_URL.
元数据
常见问题
news-impact-analyzer 是什么?
Input news text and use an LLM to analyze its impact on stock market sectors and concepts (bullish/bearish/neutral) along with the underlying logic. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 337 次。
如何安装 news-impact-analyzer?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install news-impact-analyzer」即可一键安装,无需额外配置。
news-impact-analyzer 是免费的吗?
是的,news-impact-analyzer 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
news-impact-analyzer 支持哪些平台?
news-impact-analyzer 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 news-impact-analyzer?
由 fonilye(@fonilye)开发并维护,当前版本 v1.0.3。
推荐 Skills