Downloads: 100, Stars: 0, Active Installs: 1, Versions: 1
Install in OpenClaw
/install ai-vulnerability-tracker
Description
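AI Vulnerability Tracker - searches GitHub and WeChat official accounts for AI-related vulnerabilities from the past month (prompt injection, prompt jailbreak, etc.) and pushes them to a Feishu table. Supports deduplication and translation. Search keywords: prompt injection, prompt jailbreak, LLM vulnerability, AI security, adversar...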
README (SKILL.md)
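🤖 AI Vulnerability Tracker Skill
Feature overview
- Search GitHub - AI-security-related vulnerabilities added in the past month
- Search WeChat official accounts - AI-security-related articles
- Deduplicate - by original article link
- Translate - English content is translated into Chinese
- Push to Feishu - write to the specified multi-dimensional table (Bitable)
Search keywords
English keywords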
- prompt injection
- prompt jailbreak
- LLM vulnerability
- AI security vulnerability
- adversarial prompt
- jailbreak CVE
- prompt injection CVE
- AI model security
- LLM security bug
- ChatGPT jailbreak
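Chinese keywords
- 提示词注入 (prompt injection)
- 提示词越狱 (prompt jailbreak)
- AI 漏洞 (AI vulnerability)
- LLM 安全 (LLM security)
- 对抗提示 (adversarial prompt)
Target table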
- Wiki Token: NqxZwVzXriRIRAkvP4LcApCdnNb
- Table ID: tblnfK3JPSfUyZmb
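Field mapping
⚠️ Adjust the mapping below to match the fields of your actual table
| Field name | Description |
|---|---|
| 标题 (Title) | Vulnerability/article title |
| 链接 (Link) | Original URL |
| 漏洞类型 (Vulnerability type) | 提示词注入 / 提示词越狱 / 其他 (prompt injection / prompt jailbreak / other) |
| 来源 (Source) | GitHub / 微信公众号 (WeChat official account) |
| 发布时间 (Published) | Publication date |
| 描述 (Description) | Brief description |
| 发现时间 (Discovered) | Time the record was collected |
Usage
Manual run
Run it directly in a session that supports skills, or schedule it with cron.
Scheduled task (cron)
# Run every day at 9:00
openclaw cron add "0 9 * * *" "ai-vulnerability-tracker"
# Run every Monday at 9:00
openclaw cron add "0 9 * * 1" "ai-vulnerability-tracker"
Output
- Number of search results
- Number of new records
- Number filtered out by deduplication
- Error messages (if any)
Dependencies
- Network access (GitHub, WeChat search)
- Feishu API access permission
- Translation API (optional)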
Usage Guidance
This skill will scrape GitHub and weixin.sogou for AI vulnerability posts and then write the results to a Feishu table. However, the package contains hardcoded Feishu credentials and table tokens (and the SKILL.md documents a different token than the code uses). That means if you run it as-is, it may push potentially sensitive scraped data to an external Feishu account controlled by the package author. Before installing or running:
1) Do not run on sensitive systems or with sensitive credentials; test in an isolated environment.
2) Inspect and remove or replace hardcoded FEISHU_APP_ID / FEISHU_APP_SECRET / wikiToken / tableId values and supply your own credentials via environment variables.
3) Verify which Feishu tenant and table IDs will receive data after you replace credentials.
4) Consider rate limits and auth for GitHub API and legality/terms when scraping WeChat results.
5) If you cannot audit or modify the code, treat this skill as untrusted and avoid running it on real data.
Capability Analysis
Type: OpenClaw Skill
Name: ai-vulnerability-tracker
Version: 0.1.0
The skill contains hardcoded Feishu (Lark) API credentials, including a plaintext 'appSecret' and 'appId' in 'index.js'. It also specifies a hardcoded 'wikiToken' and 'tableId' which directs all scraped vulnerability data to a specific external Feishu instance by default. While the code's logic matches its stated purpose of tracking AI vulnerabilities, hardcoding active credentials and specific data sinks is a significant security risk and could be used for unauthorized data collection or as a telemetry hook.
Capability Assessment
Purpose & Capability
The declared purpose (search GitHub/WeChat and push to Feishu) matches the code behavior, but the skill declares no required credentials while index.js contains hardcoded Feishu appId/appSecret and wiki/table tokens. SKILL.md lists a different Wiki Token/Table ID than the one embedded in the code/config.json. Embedding remote push credentials in-code (and silently using them if no env vars are provided) is disproportionate to the declared 'no env vars' requirement and surprising to a user.
Instruction Scope
SKILL.md limits instructions to searching and pushing; the implementation follows that but will: scrape weixin.sogou, call the unauthenticated GitHub search API, and send records to a Feishu tenant using built-in credentials. The code reads/writes a local dedup file (/tmp/ai-vuln-dedup.json). The inconsistency between documented target tokens and those in the code increases the chance data will be sent to an unexpected external account.
Install Mechanism
No install spec is present (instruction-only runtime) and there are no external downloads. The skill includes an index.js code file which will run when invoked, but nothing in the package installs additional binaries or fetches remote code on install.
Credentials
The skill declares no required env vars, yet index.js will use FEISHU_APP_ID and FEISHU_APP_SECRET if present — otherwise it falls back to hardcoded appId/appSecret and hardcoded wiki/table tokens in code/config.json. Hardcoded secrets and table identifiers mean scraped data may be pushed to the maintainer's Feishu account by default, which is not proportional to a typical user expectation of a 'search-and-push' skill that should require explicit credentials.
Persistence & Privilege
always:false and there is no attempt to modify other skills or system-wide config. The skill persists a deduplication list to /tmp and caches an access token in memory; these are limited, local side effects.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install ai-vulnerability-tracker
- After installation, invoke the skill by name or use /ai-vulnerability-tracker
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
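ai-vulnerability-tracker v0.1.0 - Initial release
- Automatically searches GitHub and WeChat official accounts for AI vulnerabilities and related articles from the past month
- Deduplicates search results, filtering duplicate entries by original article link
- Automatically translates English content into Chinese
- Automatically pushes results to a Feishu multi-dimensional table (Bitable) and maps the corresponding fields
- Provides multiple sets of Chinese and English keywords covering the main AI vulnerability types
- Outputs the number of results, number of new entries, number deduplicated, and error messages
- Supports running via scheduled task (cron) or manually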
Frequently Asked Questions
What is AI Vulnerability Tracker?
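AI Vulnerability Tracker - searches GitHub and WeChat official accounts for AI-related vulnerabilities from the past month (prompt injection, prompt jailbreak, etc.) and pushes them to a Feishu table. Supports deduplication and translation. Search keywords: prompt injection, prompt jailbreak, LLM vulnerability, AI security, adversar... It is an AI Agent Skill for Claude Code / OpenClaw, with 100 downloads so far.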
How do I install AI Vulnerability Tracker?
Run "/install ai-vulnerability-tracker" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is AI Vulnerability Tracker free?
Yes, AI Vulnerability Tracker is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does AI Vulnerability Tracker support?
AI Vulnerability Tracker is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created AI Vulnerability Tracker?
It is built and maintained by Octday (@0ctday); the current version is v0.1.0.