← Back to Skills Marketplace

Ai Daily

Name: Ai Daily
Author: yanhe

by yanhe · GitHub ↗ · v1.2.0

cross-platform ⚠ suspicious

482

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install ai-daily-cn

Description

AI 日报 - 自动抓取 LLM/Agent 领域热点信息，生成结构化中文简报。

README (SKILL.md)

AI Daily - AI 大模型日报

自动从多个异构信息源抓取、筛选、提炼大模型（LLM）和智能体（Agent）领域的 Top 级热点信息与核心论文，生成结构化中文简报。

命令

生成日报

bash {baseDir}/scripts/generate.sh
bash {baseDir}/scripts/generate.sh --date 2026-02-26

查看今日简报

bash {baseDir}/scripts/view.sh today
bash {baseDir}/scripts/view.sh 2026-02-26

手动触发（通过 OpenClaw）

/ai-daily generate

数据源

官方实验室与博客

OpenAI, Anthropic, Google DeepMind, Meta AI, Mistral AI, Qwen, AWS ML

深度技术媒体

The Batch, Hugging Face, 机器之心，量子位，Distill

X (Twitter) KOL 追踪

karpathy, ylecun, _akhaliq 等（通过 Tavily Search）

学术论文

arXiv: cs.CL, cs.AI, cs.LG 分类

输出

每日生成 Markdown 格式简报，包含：

📌 核心大事件总结
🏢 官方框架更新
💬 KOL 前沿观点
📚 必读硬核论文

配置

编辑 {baseDir}/config/sources.json 自定义数据源。

定时任务

建议配置每日 08:00 自动执行：

# crontab -e
0 8 * * * cd /path/to/ai-daily && bash scripts/generate.sh

或在 OpenClaw 中使用 cron skill 设置。

Usage Guidance

What to check before installing or running: - Review and fix undeclared env vars: the code calls an Alibaba LLM endpoint using ALIBABA_CLOUD_API_KEY but SKILL.md/registry metadata does not declare it. If you plan to use remote LLMs, only set that secret after you understand what data will be sent. - Do not run push-to-dingtalk.sh until you verify the destination: the script contains a hard-coded OpenClaw/DingTalk session id; running it will send report contents to that session. Remove or replace the session id with your own, or avoid running the script. - Fix TLS settings: ai_daily.py disables SSL verification (ssl.CERT_NONE); this permits silent man-in-the-middle attacks. Update the code to use default SSL verification (do not set verify_mode to CERT_NONE and keep check_hostname True) before running on sensitive networks. - Ensure required binaries are declared and present: the scripts call the 'openclaw' CLI in push/generation examples but the skill only declares python3 and curl. If you don't have OpenClaw CLI configured, those commands will fail; if you do, be aware they can transmit messages. - Consider running in an isolated environment first (container or sandbox) and inspect logs to confirm what external endpoints receive your data. If you need the skill but not external pushes or remote LLM calls, edit the code to disable push scripts and/or the call_llm function and run in 'local-only' / debug mode. - If you are unsure, ask the skill author to (1) explicitly declare all env vars the code uses (including ALIBABA_CLOUD_API_KEY), (2) remove hard-coded session ids or make them configurable, and (3) re-enable proper SSL verification and document why network calls are necessary.

Capability Analysis

Type: OpenClaw Skill Name: ai-daily-cn Version: 1.2.0 The skill is classified as suspicious primarily due to a critical vulnerability in `scripts/ai_daily.py`. It disables SSL certificate verification (`ssl.CERT_NONE`) for all network requests, making it highly susceptible to Man-in-the-Middle (MITM) attacks. An attacker could intercept and inject malicious content into RSS feeds or API responses, potentially compromising the system. While there is no evidence of intentional malicious behavior like data exfiltration or unauthorized remote control, this severe vulnerability poses a significant security risk, allowing external attacks.

Capability Assessment

⚠ Purpose & Capability

The name/description (collect RSS/Tavily/arXiv and produce a daily report) aligns with the code and scripts, but there are mismatches: the runtime uses an ALIBABA_CLOUD_API_KEY for LLM calls (seen in config/prompts.md and ai_daily.py) but SKILL.md's declared env metadata only lists TAVILY_API_KEY and GITHUB_TOKEN. The scripts also invoke the openclaw CLI ('openclaw sessions send' / 'openclaw cron add'), yet 'openclaw' is not listed as a required binary in SKILL.md or registry metadata. These omissions are incoherent with the declared requirements.

⚠ Instruction Scope

Runtime instructions and included scripts perform network fetches (RSS, Tavily, arXiv) and call an external LLM endpoint (Alibaba dashscope). The code reads environment variables (TAVILY_API_KEY, GITHUB_TOKEN, and ALIBABA_CLOUD_API_KEY) — but ALIBABA_CLOUD_API_KEY is used without being declared in SKILL.md. There is also a push-to-dingtalk.sh that will send report content to an OpenClaw session with a hard-coded session id (agent:main:dingtalk:group:cid+...), meaning if that script is executed it will post data to that session/channel. The SKILL.md instructions do not fully call out those behaviors or the undeclared env var use.

✓ Install Mechanism

There is no remote download/install step (instruction-only plus bundled scripts). No archive downloads or external installers are executed during install. That reduces supply-chain risk compared to skills that fetch arbitrary code at install time.

⚠ Credentials

The code expects multiple optional API keys (TAVILY_API_KEY, GITHUB_TOKEN, ALIBABA_CLOUD_API_KEY / ALIBABA key), but the SKILL.md metadata omitted ALIBABA_CLOUD_API_KEY and the registry lists no required env vars. The ALIBABA key grants remote LLM access to content the skill processes (report text, scraped content) — that is a powerful credential and should be explicitly declared. The push script can transmit report fragments to an external session/channel without prompting for credentials in the skill metadata.

ℹ Persistence & Privilege

The skill is not always-enabled and does not request special platform privileges. However, it contains an optional push script that will send report contents to a pre-configured OpenClaw/DingTalk session id (hard-coded). That is not automatic by default, but the presence of an embedded session identifier is a privacy/safety concern and should be reviewed before running push-to-dingtalk.sh. The skill does not modify other skills or system-wide configs.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install ai-daily-cn
After installation, invoke the skill by name or use /ai-daily-cn
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.2.0

No file changes detected in this version. - Version number updated to 1.2.0, but no code or documentation changes are present. - No new features, fixes, or enhancements introduced.

v1.1.0

- Initial public release of ai-daily-cn. - Automatically gathers and summarizes top trending news and research in the LLM/Agent space in Chinese. - Supports multiple data sources: official labs, tech blogs, X (Twitter) KOLs, and relevant arXiv categories. - Structured daily report output in Markdown, including major events, framework updates, expert insights, and key papers. - Provides command-line and manual trigger options, as well as configuration for custom data sources and scheduled tasks.

Metadata

Slug ai-daily-cn

Version 1.2.0

License —

All-time Installs 5

Active Installs 5

Total Versions 2

Frequently Asked Questions

What is Ai Daily?

AI 日报 - 自动抓取 LLM/Agent 领域热点信息，生成结构化中文简报。 It is an AI Agent Skill for Claude Code / OpenClaw, with 482 downloads so far.

How do I install Ai Daily?

Run "/install ai-daily-cn" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Ai Daily free?

Yes, Ai Daily is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Ai Daily support?

Ai Daily is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Ai Daily?

It is built and maintained by yanhe (@yanhe); the current version is v1.2.0.

More Skills