← Back to Skills Marketplace
67
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install news-brief-skill
Description
根据用户设定的兴趣方向,每天定时获取对应领域的新闻内容,生成摘要简报并推送至用户指定渠道,支持用户反馈与Skill优化。
Usage Guidance
This skill appears to implement the advertised news-aggregation and push features, but check these before installing:
- Understand where credentials will be stored: the skill saves per-user configs (email, webhook tokens, etc.) under data/users and backs them up. If those directories are on a shared host, others may access them.
- Encryption is implemented, but the encryption key is generated and saved to config/encryption.key by default. That means anyone with filesystem access to the skill folder can decrypt stored secrets. Prefer supplying an encryption key from a secure secret store or environment variable and confirm the key file is not committed or exposed.
- The documentation claims it does not store user identity, but the code stores user IDs and per-user directories. If that conflicts with your privacy requirements, do not install as-is.
- Review and restrict filesystem permissions for the skill directory (config/ and data/), and consider running it in an isolated environment.
- There are some code-quality issues (e.g., a missing import and other truncated blocks in the provided sources) — you should test in a safe environment before enabling automatic daily runs.
If you want to proceed: (1) provide credentials only when necessary, (2) replace the on-disk encryption key with a key from a secure secret manager or environment variable, (3) restrict access to the skill directory, and (4) audit any additional omitted files not included here.
Capability Analysis
Type: OpenClaw Skill
Name: news-brief-skill
Version: 1.0.0
The news-brief-skill is a well-structured news aggregation and notification tool designed to fetch, summarize, and push news updates to users. It implements legitimate features for multi-source news gathering (RSS, API, and BeautifulSoup-based web scraping) and supports multiple notification channels including Email, DingTalk, and Telegram. Notably, the skill demonstrates good security practices in `scripts/config_manager.py` by using AES-256 encryption (via the cryptography library) to protect sensitive user credentials such as SMTP passwords and API tokens. No evidence of malicious intent, unauthorized data exfiltration, or dangerous command execution was found across the codebase.
Capability Assessment
Purpose & Capability
The code files and SKILL.md match the stated purpose: multi-source news fetching, summarization, multi-channel push, and feedback-driven optimization. The included modules (news_fetcher, summarizer, pusher, config manager, feedback handler) are appropriate for this functionality.
Instruction Scope
Runtime instructions are reasonable: copy skill into OpenClaw, install listed Python deps, configure optional API keys/webhooks, and set user preferences. However, SKILL.md/documentation claims '不存储用户身份信息' while the implementation stores per-user configs and user_id directories under data/users; it also instructs storing credentials (email, webhooks) which the code persists. This is a privacy/accuracy mismatch.
Install Mechanism
There is no install spec that downloads external artifacts; the package is delivered as source files. Dependencies are standard Python packages (requests, bs4, feedparser, cryptography, etc.) declared in the docs. No remote installers, obscure URLs, or extracted archives were used.
Credentials
The skill requests no environment variables in the registry metadata, but the code expects and persists sensitive credentials (SMTP creds, Telegram bot token, DingTalk webhook, etc.) in per-user config files. Those fields are 'encrypted' by the skill, but the ConfigManager generates and stores the encryption key to config/encryption.key on disk (the code comments even say it should come from an environment variable). Storing the key alongside the encrypted data undermines the protection and is disproportionate given the claimed 'privacy' guarantees.
Persistence & Privilege
The skill persists user configs, backups, logs, and an encryption key under the skill project (data/, config/encryption.key, data/backups/). It does not request elevated platform privileges, nor is always:true set, but writing persistent credentials and a plaintext encryption key to the skill's directory increases risk if the host or skill directory is accessible by other parties.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install news-brief-skill - After installation, invoke the skill by name or use
/news-brief-skill - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: Personalized news briefing with multi-channel push and user feedback optimization
Metadata
Frequently Asked Questions
What is News Brief Skill?
根据用户设定的兴趣方向,每天定时获取对应领域的新闻内容,生成摘要简报并推送至用户指定渠道,支持用户反馈与Skill优化。 It is an AI Agent Skill for Claude Code / OpenClaw, with 67 downloads so far.
How do I install News Brief Skill?
Run "/install news-brief-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is News Brief Skill free?
Yes, News Brief Skill is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does News Brief Skill support?
News Brief Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created News Brief Skill?
It is built and maintained by thiswin (@17oko); the current version is v1.0.0.
More Skills