36kr-aireportlist
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Comprehensive analysis of the instructions and scripts confirms the skill behaves as described, providing a bridge to 36kr's 'Self-service Report' articles without any malicious functionality.
- [EXTERNAL_DOWNLOADS]: The skill retrieves JSON data from `openclaw.36krcdn.com`. This domain is an official content delivery network endpoint for the author (36kr-com), used to host public article metadata.
- [PROMPT_INJECTION]: The skill explicitly mitigates Category 8 (Indirect Prompt Injection) risks through a 'Data Isolation Statement' in the execution flow. This prevents the agent from executing instructions potentially hidden in article titles or author names by treating all API returns as pure text.
- [REMOTE_CODE_EXECUTION]: Automated detection of `curl | python3` patterns was found to be a false positive. The scripts utilize `python3 -m json.tool` and static inline Python logic to format the fetched JSON data, which does not constitute execution of arbitrary remote code.