Notice Monitor
by jerryharbin (GitHub) · v1.0.1 · MIT-0
201 downloads · 0 stars · 1 active install · 2 versions
Install in OpenClaw: /install notice-monitor
Description
Automatically monitors the notice/announcement list page of any website, with keyword filtering, multi-level categorisation, scheduled push and multi-channel notifications (DingTalk, WeChat, email).
Usage Guidance
What to consider before installing:
- Major risk: the skill shells out to the openclaw CLI with the notification message embedded in a single command string. Because that message is built from titles scraped from external websites, an attacker-controlled site can serve a title that executes arbitrary shell commands on your host. Don't install or run this skill on systems you cannot afford to compromise.
- If you still want the functionality, ask the author to patch before use: replace execSync(string) with a call that takes an argument array and no shell (execFile/spawn, or the OpenClaw messaging API/library), or, failing that, quote the message so the shell cannot expand it (single-quote the argument and escape $, backticks, backslashes, newlines and embedded quotes). Escaping double quotes alone, as the current code does, is not enough.
- Ask for or apply these fixes: implement the other promised notify channels (webhook/email/wechat) properly; make state/log paths configurable (use ~/.openclaw/workspace by default) and document required host CLI credentials; avoid saving state inside the installed package directory.
- Additional operational notes: Puppeteer will download/consume a Chromium binary and increase disk/network usage. Only run on trusted hosts and consider running inside an isolated container or VM until the command-injection issue is resolved.
Confidence notes: High. The execSync call with interpolated, unsanitised message text is visible in the code and is a straightforward command-injection vector. execSync always runs its command through a shell, so there is no non-shell mode to fall back on; the risk would only be reduced if the call were changed to execFile/spawn with an argument array, or if every monitored site were fully trusted and could not be tampered with (including over the network, since the pages are fetched live).
Capability Analysis
Type: OpenClaw Skill
Name: notice-monitor
Version: 1.0.1
The notice-monitor skill contains a critical command injection vulnerability in src/monitor.js. The Notifier.send function uses child_process.execSync to call the openclaw CLI, passing a message string built from notice titles scraped from external websites. The code escapes double quotes but no other shell metacharacters, so backticks and $(...) expansions survive intact, allowing a malicious website to achieve remote code execution on the agent's host. This is classified as suspicious rather than malicious because it appears to be a severe implementation flaw rather than an intentional backdoor.
Capability Assessment
Purpose & Capability
The code implements a Puppeteer-based crawler/monitor and supports cron scheduling, deduplication and keyword filtering as described. However, SKILL.md claims multiple notification channels (DingTalk/WeChat/Email/Webhook) while the implementation only invokes a DingTalk path (via the openclaw CLI) and otherwise just prints messages. The docs also reference state/log paths under ~/.openclaw/workspace, but the code saves state to the skill's ../state directory, which is inconsistent.
Instruction Scope
Notifier.send uses child_process.execSync to run a shell command with the generated message text embedded directly in the command string: execSync(`openclaw message send --target "${config.target}" --message "${message.replace(/"/g, '\\"')}"`). The message content is derived from scraped page titles/metadata controlled by external websites, so a title containing $(...), backticks or other shell expansions is expanded by /bin/sh before the CLI ever sees it, resulting in arbitrary command execution on the host. SKILL.md does not warn about this risk and claims notification channels that are not implemented in code.
Install Mechanism
No explicit install spec is provided in the registry metadata (instruction-only), but package.json lists Puppeteer and other npm dependencies; installing will pull large browser artifacts (Chromium) via Puppeteer. That is expected for a headless-browser crawler but increases the installation footprint and network usage.
Credentials
The skill declares no required environment variables or credentials, which matches the code. However the use of the 'openclaw message send' CLI implies the runtime agent/host CLI will be invoked and may rely on platform credentials not declared by the skill. The skill does not request or document those credentials or permissions.
Persistence & Privilege
The always flag is false and the skill does not request elevated platform privileges. It writes state to a local 'state' directory inside the skill package (../state) rather than the documented workspace path; this is an implementation quirk, not an elevated privilege request.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install notice-monitor
- After installation, invoke the skill by name or use /notice-monitor
- Provide the required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Fix v1.0.1: optimise page-loading logic / add data wait / fix province-level data crawling / improve hierarchy switching
v1.0.0
Initial release - supports multi-task configuration / keyword filtering / automatic deduplication / DingTalk notifications
Frequently Asked Questions
What is Notice Monitor?
Automatically monitors the notice/announcement list page of any website, with keyword filtering, multi-level categorisation, scheduled push and multi-channel notifications (DingTalk, WeChat, email). It is an AI Agent Skill for Claude Code / OpenClaw, with 201 downloads so far.
How do I install Notice Monitor?
Run "/install notice-monitor" in the OpenClaw or Claude Code chat to install it in one step. Note that installation pulls Puppeteer, which downloads a Chromium binary, and that notifications go through the host's openclaw CLI; see the Usage Guidance above before installing.
Is Notice Monitor free?
Yes, Notice Monitor is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Notice Monitor support?
Notice Monitor runs anywhere OpenClaw / Claude Code is available.
Who created Notice Monitor?
It is built and maintained by jerryharbin (@jerryharbin); the current version is v1.0.1.