← Back to Skills Marketplace
199
Downloads
1
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install spotify-news-digest
Description
Scrape and summarize Spotify-related news from multiple sources (Spotify official blogs, engineering/research/newsroom, TechCrunch, The Verge, Music Business...
Usage Guidance
This skill appears coherent for aggregating public Spotify news. Before installing: (1) review and optionally tighten config/sources.json and ALLOWED_DDG_DOMAINS to avoid accidental internal-host hits; (2) install dependencies into an isolated environment (virtualenv/container) and audit PyPI packages listed in requirements.txt; (3) if you plan to schedule it, run it in a network-isolated container or VM and confirm the cron/job delivery target (so digests aren't sent to unintended recipients); (4) if you operate on a restricted network, be cautious — the skill makes outbound HTTP requests to public news sites and DuckDuckGo/Algolia and should not be given access to internal-only hosts.
Capability Analysis
Type: OpenClaw Skill
Name: spotify-news-digest
Version: 1.0.1
The spotify-news-digest skill is a legitimate news aggregator that collects and summarizes Spotify-related updates from official and media sources. The code demonstrates good security practices, including an explicit domain allowlist (ALLOWED_DDG_DOMAINS in fetch_spotify_news.py) to mitigate SSRF risks from search results and enforced TLS verification for all network requests. No evidence of malicious intent, data exfiltration, or prompt injection was found; the logic is transparent and aligns perfectly with the stated purpose.
Capability Assessment
Purpose & Capability
Name/description match the implementation: scripts fetch RSS, Hacker News (Algolia) and DuckDuckGo News results, deduplicate/score items, and render a Chinese digest. Declared dependencies (feedparser, beautifulsoup4, requests, ddgs) are appropriate for web scraping and parsing.
Instruction Scope
SKILL.md instructions stay within scope: fetch sources from config/sources.json, run generate_digest.py, and optionally have an LLM produce zh_summary fields. It warns about running in environments with internal network access. There are no instructions to read unrelated system files, environment secrets, or to send data to unexpected external endpoints.
Install Mechanism
This is instruction+code only (no install spec). A requirements.txt lists PyPI packages; the package sources are standard (PyPI libraries). There is no download-from-arbitrary-URL or archive extraction. Users should still pip-audit dependencies before installing in sensitive environments.
Credentials
The skill requires no environment variables, no credentials, and no config paths beyond its own config/sources.json. Network access is necessary for its stated purpose; no unrelated secrets or credentials are requested.
Persistence & Privilege
The skill does not set always:true and does not request elevated or permanent platform-wide privileges. SKILL.md mentions optional scheduling; the guidance to confirm delivery target is appropriate. Autonomous invocation defaults are unchanged (normal).
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install spotify-news-digest - After installation, invoke the skill by name or use
/spotify-news-digest - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
**Security-focused release: Now enforces strict domain allowlists and improved safety for news fetching.**
- Enforces TLS verification on all HTTP requests for news fetching.
- Introduces a strict domain allowlist (`ALLOWED_DDG_DOMAINS`) for all DuckDuckGo news search results; only results from approved public news domains are accepted.
- Updates documentation with prominent security notes, including advice for safe scheduling and isolating the skill from internal networks and services.
- Requires auditing of pip dependencies before installation in sensitive or production environments.
- No changes to the news gathering features or API; security improvements and documentation clarification only.
v1.0.0
- Initial release of the spotify-news-digest skill.
- Added a SKILL.md template with guidance for documenting capabilities, structure options, and example content patterns.
- No functional code or specific features included yet; document focuses on instructions for structuring and developing the skill.
Metadata
Frequently Asked Questions
What is spotify-news-digest?
Scrape and summarize Spotify-related news from multiple sources (Spotify official blogs, engineering/research/newsroom, TechCrunch, The Verge, Music Business... It is an AI Agent Skill for Claude Code / OpenClaw, with 199 downloads so far.
How do I install spotify-news-digest?
Run "/install spotify-news-digest" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is spotify-news-digest free?
Yes, spotify-news-digest is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does spotify-news-digest support?
spotify-news-digest is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created spotify-news-digest?
It is built and maintained by Bill Xia (@ibillxia); the current version is v1.0.1.
More Skills