← Back to Skills Marketplace
Young Post Downloader
by
cgxxxxxxxxxxxx
· GitHub ↗
· v1.0.0
· MIT-0
119
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install young-post-downloader
Description
自动下载 Young Post Club Spark 网站文章并生成 PDF。使用场景:用户要求下载 Today's Read 文章、获取 Young Post 内容、批量抓取教育文章、生成学习材料 PDF、上传飞书云空间。支持:自动解析文章列表、批量下载、HTML 排版、PDF 转换、飞书上传。
Usage Guidance
This skill appears to do what it says (download Spark articles, make HTML/PDF, upload to Feishu), but a few practical details are missing: 1) Confirm the agent environment provides the web_fetch and feishu_drive_file capabilities (those will handle network requests and Feishu authentication). 2) Ensure google-chrome (headless) is installed on the host — the skill runs 'google-chrome' but the registry didn't list any required binaries. 3) Check where files will be written (WORKSPACE defaults to /home/admin/.openclaw/workspace) and that you’re comfortable with that path and its permissions. 4) Verify Feishu credentials/permissions are available to whatever platform skill performs uploads; the skill itself does not declare or manage OAuth tokens. 5) Respect copyright and rate limits when scraping. If you need higher assurance, ask the author to (a) declare required binaries and credentials in the registry metadata, and (b) replace os.system calls with explicit, audited subprocess calls or platform-provided PDF conversion APIs.
Capability Analysis
Type: OpenClaw Skill
Name: young-post-downloader
Version: 1.0.0
The skill bundle implements a workflow for scraping articles and converting them to PDF, but it contains a significant security vulnerability in `scripts/download_articles.py`. The `convert_to_pdf` function uses `os.system` to execute a shell command with f-string interpolation, which is a classic shell injection risk. While the current implementation uses date-based filenames, this pattern is inherently dangerous in an agentic environment. Additionally, the skill requires broad permissions including web fetching, local shell execution, and cloud storage interaction (Feishu/Lark), which could be repurposed for data exfiltration if the agent is compromised via prompt injection.
Capability Tags
Capability Assessment
Purpose & Capability
Name/description, SKILL.md, and the two included scripts are coherent: they fetch Young Post Spark pages, parse article links, produce HTML/PDF, and upload to Feishu. The skill delegates web fetching and Feishu uploads to other platform skills (web_fetch, feishu_drive_file), which is expected. Minor issue: the skill relies on a local Chrome binary for PDF conversion and a workspace path (/home/admin/.openclaw/workspace) but does not declare the chrome binary or explain required Feishu credentials in the registry metadata.
Instruction Scope
SKILL.md and the scripts restrict actions to the declared workflow: fetch Spark page(s), extract article links, download content, create HTML, convert to PDF, upload to Feishu. They do not instruct reading unrelated system files or contacting unknown endpoints. The web_fetch/feishu calls imply network I/O and uploading user data to Feishu, which is appropriate for the stated purpose.
Install Mechanism
There is no install spec (instruction-only plus scripts bundled). No external downloads or archive extraction are used. This lowers installation risk; nothing is pulled from arbitrary URLs.
Credentials
The skill uses google-chrome to print to PDF and expects Feishu upload capability, but the registry metadata lists no required binaries or credentials. Specifically: (1) SKILL.md and the code call 'google-chrome' but 'required binaries' is empty — the runtime may fail if Chrome is absent. (2) The skill uploads to Feishu (feishu_drive_file) but declares no Feishu credentials; it appears to rely on another platform skill for auth, which is plausible, but you should confirm that Feishu authentication will be handled by the agent environment and that no undeclared secrets are needed. (3) It writes files to a default workspace (/home/admin/.openclaw/workspace) — verify this path is acceptable and writable and that it won't overwrite important data.
Persistence & Privilege
The skill is not marked 'always: true' and does not request elevated or persistent system privileges. It does not modify other skills' configurations. Autonomous invocation is allowed (platform default) but that is expected for this kind of skill.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install young-post-downloader - After installation, invoke the skill by name or use
/young-post-downloader - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
young-post-downloader v1.0.0
- Initial release for automated downloading of Young Post Club Spark articles.
- Supports batch downloading, article categorization, and conversion to HTML and PDF.
- Integrates with Feishu for cloud file upload.
- Includes filters for specific categories and customizable output options.
- Provides clear workflow, error handling, and usage guidance.
Metadata
Frequently Asked Questions
What is Young Post Downloader?
自动下载 Young Post Club Spark 网站文章并生成 PDF。使用场景:用户要求下载 Today's Read 文章、获取 Young Post 内容、批量抓取教育文章、生成学习材料 PDF、上传飞书云空间。支持:自动解析文章列表、批量下载、HTML 排版、PDF 转换、飞书上传。 It is an AI Agent Skill for Claude Code / OpenClaw, with 119 downloads so far.
How do I install Young Post Downloader?
Run "/install young-post-downloader" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Young Post Downloader free?
Yes, Young Post Downloader is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Young Post Downloader support?
Young Post Downloader is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Young Post Downloader?
It is built and maintained by cgxxxxxxxxxxxx (@cgxxxxxxxxxxxx); the current version is v1.0.0.
More Skills