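Fetches, at high frequency, the latest developments in the Iran war that began in March 2026, and analyzes how the situation is progressing and what trading signals it gives for risk assets. Generates structured Iran situation analysis reports focused on war developments, Strait of Hormuz shipping status, oil and gas supply risk, and market reaction. This skill generates structured Iran situation reports focused on war d...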
Security Analysis
medium confidence
The skill mostly does what its name says (collects news/telegraph/asset data and builds reports) but it accesses several optional environment endpoints and loads remote framework content without declaring those as required — this creates hidden data flow and exfiltration risks the user should be aware of.
The code (news search, CLS/Jin10 telegraph fetchers, stooq/Coingecko asset fetchers, prompt builder, and AI client) aligns with the stated goal of high-frequency Iran conflict reporting and market signal extraction. Using a model endpoint to synthesize reports is expected. However, the skill is packaged with code that will use optional external services (Tavily, local model-search endpoints, OpenAI/compatible endpoints) if environment variables are present — functionality that is plausible for the purpose but not declared in the metadata.
SKILL.md requires loading a remote analysis framework (Gist) with fallback to a local markdown, performing news searches, pulling CLS/Jin10 telegraph feeds, and collecting several risk-asset feeds. The runtime scripts implement these steps and follow the hard rules specified in SKILL.md. No instructions in SKILL.md ask the agent to read unrelated system files or exfiltrate data; the behavior stays within the reporting/aggregation scope.
There is no install spec — this is an instruction-and-script package; nothing is downloaded during install. That lowers supply-chain risk. The repository does fetch remote runtime data (Gist, Jin10, CLS, Tavily, stooq, Coingecko, DuckDuckGo) at runtime, which is expected for a live-tracking tool.
The skill metadata declares no required environment variables, but the code reads multiple optional env vars that materially change runtime behavior and network targets: OPENCLAW_MODEL_ENDPOINT, OPENAI_API_KEY, OPENAI_BASE_URL, OPENCLAW_SESSION, LLM_API_KEY, LLM_API_BASE, OPENCLAW_SEARCH_URL, OPENCLAW_API_KEY, and TAVILY_API_KEY. If any of these are set, the skill will forward the assembled prompt and context to those endpoints (including arbitrary model endpoints configured via OPENCLAW_MODEL_ENDPOINT or OPENCLAW_SEARCH_URL). That creates a credible path for sensitive context (news, telegraph snippets, market data, and the full report prompt) to be transmitted to third parties without being declared as required credentials — a proportionality and transparency gap the user should consider.
The skill is not always-enabled and does not request permanent system-level privileges in its manifest. It does not modify other skills' configs. Autonomous invocation (model calling itself) is allowed by default but not combined with an 'always:true' flag or other elevated persistence requests.
Guidance
This skill is functionally coherent for generating Iran conflict reports, but be cautious: it will try to use any model/search API keys or custom endpoints present in your environment (OPENAI_API_KEY, OPENCLAW_MODEL_ENDPOINT, OPENCLAW_SEARCH_URL, TAVILY_API_KEY, etc.). That means the full assembled prompt + collected context could be sent to those endpoints. Also the skill prefers loading a remote Gist at runtime (the analysis framework), so its behavior/content can change if that Gist is updated. Before installing or running: (1) review the code yourself or run it in a network-restricted sandbox; (2) avoid setting API keys or custom model endpoints you don't trust; (3) if you need model functionality, prefer trusted provider credentials and review the ai_client target URL; (4) consider whether you are comfortable with the skill fetching external telegraph/news endpoints at runtime. If you want a lower-risk setup, run the scripts locally with network access restricted and keep the framework file local so nothing remote can change behavior unexpectedly.
Latest Release
v1.1.2
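- Added Jin10 data; improved real-time telegraph fetching from CLS/Jin10 and the filtering of Iran-related information.
- Telegraph and news data now cover only the past 18 hours by default, improving timeliness.
- Added a news output convention: every news item must be presented in "time-source" format.
- Recommended report length is now within 3,000 characters, trimming redundancy and improving readability.
- Refined the minimum-detail requirements: tighter constraints for the situation, oil and gas, risk asset, and scenario analysis sections.
- Added a time utility script (time_utils.py) and several script optimizations, strengthening data processing and module structure.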
Published by @chinfi-codex on ClawHub