Description

AI情报哨兵 - 自动采集、分析与报告AI领域最新动态的多源情报系统

README (SKILL.md)

AI前沿哨兵 (AI Sentinel)

Name: AI前沿哨兵
Author: xiaopengs

你的AI情报指挥中心，自动采集、分析与报告AI领域最新动态

技能概述

AI前沿哨兵是一个开源的AI情报采集系统，帮助用户自动追踪AI领域的最新动态，包括开源项目、学术论文、技术博客、行业新闻等，并生成结构化的晨报和晚报。

核心能力：

🔍 多源信息采集（GitHub、arXiv、HackerNews、Twitter/X、RSS等）
⏰ 智能定时调度（晨报08:00、晚报20:00）
📊 智能分析评分（热度+新鲜度+来源可信度）
📄 自动化报告生成（Markdown格式）
🎛️ WebUI管理面板

适用场景

AI从业者追踪最新技术动态
研究人员关注前沿论文
开发者发现优质开源项目
产品经理了解行业趋势
内容创作者获取素材

使用方法

1. 基本采集

当用户说"采集AI情报"、"生成AI晨报"、"追踪AI动态"时，执行以下步骤：

# 采集所有信息源
python scripts/collect.py --all

# 生成晨报
python scripts/reporter.py --type morning

# 生成晚报
python scripts/reporter.py --type evening

2. 单源采集

# 仅采集GitHub Trending
python scripts/collect.py --source github

# 仅采集arXiv论文
python scripts/collect.py --source arxiv

# 仅采集HackerNews
python scripts/collect.py --source hackernews

3. 查看报告

生成的报告保存在 reports/YYYY-MM-DD/ 目录：

morning_report.md - 晨报
evening_report.md - 晚报
xiaohongshu_report.md - 小红书风格报告

配置说明

信息源配置 (`config/sources.yaml`)

系统支持以下信息源：

GitHub Trending - AI开源项目热度排行
arXiv - 最新AI论文（cs.AI, cs.LG, cs.CL）
HackerNews - 开发者社区热点讨论
Twitter/X - AI大咖动态（需API Token）
RSS博客 - 官方博客和技术媒体
- Anthropic, OpenAI, Google AI, DeepMind
- Hugging Face, xAI, Cursor
- TechCrunch AI, VentureBeat AI
- InfoQ全球/中文
- MMChat AI资讯
中国AI公司 - 官网新闻解析
- 智谱AI、MiniMax、扣子Coze

调度配置 (`config/schedule.yaml`)

schedule:
  morning:
    enabled: true
    time: "08:00"
  evening:
    enabled: true
    time: "20:00"

工作流程

采集阶段 - 从配置的信息源拉取最新数据
分析阶段 - 计算热度、新鲜度、质量评分
筛选阶段 - 按优先级排序，过滤低质量内容
生成阶段 - 使用Jinja2模板生成Markdown报告
存档阶段 - 按日期保存到 reports/ 目录

项目结构

ai-sentinel/
├── SKILL.md                    # 本文档
├── config/                     # 配置文件
│   ├── sources.yaml            # 信息源配置
│   ├── settings.yaml           # API配置
│   └── schedule.yaml           # 调度配置
├── scripts/                    # 核心脚本
│   ├── collect.py              # 采集入口
│   ├── analyzer.py             # 分析评分
│   ├── reporter.py             # 报告生成
│   ├── quality_scorer.py       # 质量评分系统
│   └── parsers/                # 平台解析器
│       ├── github_trending.py
│       ├── arxiv.py
│       ├── hackernews.py
│       ├── blog_rss.py
│       └── web_news.py
├── templates/                  # 报告模板
│   ├── morning_report.md
│   ├── evening_report.md
│   └── xiaohongshu_report.md
├── reports/                    # 报告存档
│   └── YYYY-MM-DD/
│       ├── morning_report.md
│       ├── evening_report.md
│       └── xiaohongshu_report.md
├── webui/                      # Web界面
│   ├── index.html
│   ├── style.css
│   └── app.js
└── references/                 # 参考文档
    ├── sources_guide.md
    └── api_setup.md

安装依赖

pip install requests feedparser pyyaml jinja2 schedule

扩展指南

添加新信息源

在 scripts/parsers/ 创建新解析器
实现 fetch() 方法返回标准格式数据
在 config/sources.yaml 添加配置
在 scripts/collect.py 注册解析器

自定义报告模板

编辑 templates/ 目录下的模板文件，使用Jinja2语法：

{{ title }} - 标题
{{ items }} - 条目列表
{{ analysis }} - 分析内容

常见问题

Q: Twitter采集失败？
A: 需要Twitter Developer账号和Bearer Token，未配置时自动跳过。

Q: 如何添加自定义关键词？
A: 编辑 config/sources.yaml 中各源的 keywords 字段。

Q: 报告保存位置？
A: 默认 reports/YYYY-MM-DD/，可在配置中修改。

仓库地址

https://github.com/xiaopengs/ai-sentinel

License

MIT License - 详见 LICENSE 文件

Usage Guidance

This package appears to do what it claims (crawl multiple public AI sources, score, and emit Markdown reports). Before running it: (1) review and edit config/sources.yaml to avoid subscribing to unknown or internal URLs; (2) do not place real API secrets into tracked repo files — use environment variables or an ignored config; (3) if you plan to run this on a server with access to internal networks, consider isolating it (container/VM) because the collector will fetch arbitrary configured URLs (risk of SSRF or scraping internal endpoints); (4) inspect any custom parser code you add (scripts/parsers/) since parsers execute network requests and can be pointed at attacker-controlled endpoints; (5) run in a non-production environment first to confirm behavior. If you want a deeper assessment, provide the omitted/truncated files (the static scan noted many files were truncated) so I can check for hidden endpoints or obfuscated code.

Capability Analysis

Type: OpenClaw Skill Name: ai-sentinel-2 Version: 0.1.0 The AI Sentinel skill bundle is a sophisticated AI news aggregation and reporting system. It is classified as suspicious due to a significant security vulnerability: the WebUI (webui/app.js) renders untrusted content from external sources (GitHub, RSS feeds, arXiv) using innerHTML without sanitization, creating a high risk of Cross-Site Scripting (XSS). While the bundle's behavior aligns with its stated purpose and lacks clear malicious intent, the combination of broad permissions (shell, filesystem, http) and the ability for an attacker to inject malicious scripts via a news source title or summary poses a meaningful risk to the user's environment.

Capability Tags

requires-oauth-token

Capability Assessment

✓ Purpose & Capability

Name/description (AI intelligence sentinel) match the included files and instructions: multiple parsers, collection, analysis, and reporter scripts plus WebUI are present. Declared required env/configs are minimal and consistent with optional Twitter/GitHub settings described in docs.

ℹ Instruction Scope

SKILL.md explicitly instructs running python scripts (scripts/collect.py, scripts/reporter.py) which perform network scraping/API calls against GitHub, arXiv, HackerNews, RSS, Twitter/X, and configured websites. The instructions do not attempt to access unrelated system areas, but collector/parsers will fetch arbitrary URLs from config (including user-added custom sources). The docs also reference storing API keys in config or environment; SKILL.md itself does not declare required secrets but runtime behavior will skip Twitter if token is not provided.

✓ Install Mechanism

No install spec is present; this is a local Python script collection requiring typical pip packages (requests, feedparser, pyyaml, jinja2, schedule). No remote download/extraction or obscure third-party installers are used. Code is included in the bundle rather than fetched at install time.

ℹ Credentials

The skill declares no required env vars. Documentation and parsers optionally use API credentials (Twitter bearer token, optional GitHub token) stored in config/settings.yaml or environment variables. Requesting such tokens is proportional to the stated integrations, but users should avoid placing secrets in tracked files and be mindful that configurable 'custom' sources may point to arbitrary endpoints.

✓ Persistence & Privilege

The skill is not set to always:true and does not request elevated persistent privileges. It writes reports and output files to local directories (reports/, output/) as expected; there is no evidence it modifies other skills or system-wide agent settings.

Version History

v0.1.0

Initial release of AI前沿哨兵 (AI Sentinel): - 自动采集、分析并报告AI领域最新动态，支持多信息源（GitHub Trending、arXiv、HackerNews、Twitter/X、RSS博客等） - 智能定时调度，生成结构化晨报（08:00）和晚报（20:00） - 支持智能分析评分（热度、新鲜度、来源可信度） - 提供WebUI管理面板和可定制Markdown报告模板 - 易扩展，支持添加新信息源和自定义报告内容

Metadata

Slug ai-sentinel-2

Version 0.1.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is AI前沿哨兵?

AI情报哨兵 - 自动采集、分析与报告AI领域最新动态的多源情报系统. It is an AI Agent Skill for Claude Code / OpenClaw, with 75 downloads so far.

How do I install AI前沿哨兵?

Run "/install ai-sentinel-2" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is AI前沿哨兵 free?

Yes, AI前沿哨兵 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does AI前沿哨兵 support?

AI前沿哨兵 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created AI前沿哨兵?

It is built and maintained by xiaopeng (@xiaopengs); the current version is v0.1.0.

More Skills

AI前沿哨兵