← Back to Skills Marketplace
374
Downloads
0
Stars
2
Active Installs
2
Versions
Install in OpenClaw
/install auto-sec-blogger
Description
Collects security news from multiple sources, generates expert-level blog posts with GLM-4.7, publishes drafts to Notion, and auto-deploys approved posts to...
README (SKILL.md)
Intelligence Agent
개요
보안 뉴스를 자동으로 수집하고, LLM(GLM-4.7)을 사용하여 전문가 수준의 블로그 글을 작성한 후, Notion과 GitHub Pages에 자동으로 게시하는 시스템입니다.
GitHub 저장소와 동일: https://github.com/rebugui/intelligence-agent
아키텍처
뉴스 수집 (Google News, arXiv, HackerNews)
↓
GLM-4.7 글 작성 (전문 보안 블로그)
↓
Notion Draft 저장 (상태: Draft)
↓
사용자 검토 및 승인 (Human-in-the-Loop)
↓
Git Push → GitHub Actions → GitHub Pages
주요 기능
1. 뉴스 수집 (News Collection)
- Google News: 키워드 기반 보안 뉴스 수집
- arXiv: 최신 보안 연구 논문 수집
- HackerNews: 트렌딩 기술 뉴스 수집
- 중복 제거: URL 기반 중복 뉴스 필터링
2. LLM 글쓰기 (Content Generation)
- 모델: GLM-4.7 (Zhipu AI)
- 스타일: 전문 보안 블로그
- 구조:
- 제목 (헤드라인)
- 요약 (3줄 요약)
- 본문 (상세 분석)
- 결론 (시사점)
- 태그 (키워드)
- Mermaid 다이어그램: 공격 흐름, 아키텍처 시각화
3. Notion 통합 (Notion Integration)
- 상태 관리: Draft → Review → Approved → Published
- 자동 저장: 생성된 글 자동 저장
- 사용자 승인: Notion에서 상태 변경으로 배포 승인
4. Git 기반 발행 (Git Publishing)
- 자동 커밋: 마크다운 파일 Git에 커밋
- GitHub Actions: 자동 Jekyll 빌드
- GitHub Pages: 정적 블로그 배포
설치
1. 의존성 설치
cd ~/.openclaw/workspace/skills/intelligence-agent/scripts
pip3 install -r requirements.txt
2. 환경 변수 설정
# ~/.openclaw/workspace/.env
# GLM API
GLM_API_KEY=your_glm_api_key
GLM_BASE_URL=https://api.z.ai/api/coding/paas/v4
# Notion
NOTION_API_KEY=ntn_xxx
NOTION_DATABASE_ID=xxx
# GitHub Pages
GITHUB_TOKEN=ghp_xxx
GITHUB_BLOG_REPO=username/username.github.io
BLOG_LOCAL_PATH=/path/to/blog/repo
사용법
1. 전체 파이프라인 실행 (테스트용)
cd ~/.openclaw/workspace/skills/intelligence-agent/scripts
python3 intelligence_pipeline.py --max-articles 5
2. 뉴스 수집만
from collector import NewsCollector
collector = NewsCollector()
articles = collector.fetch_all(max_results_per_source=15)
3. 블로그 글 작성만
from writer import BlogWriter
writer = BlogWriter()
post = writer.generate_article(article_data)
4. Notion 발행만
from notion_publisher import NotionPublisher
publisher = NotionPublisher()
result = publisher.create_article(blog_post)
5. Git 발행만
from git_publisher_service import GitPublisherService
git_publisher = GitPublisherService()
git_publisher.publish(blog_posts)
워크플로우 상세
1단계: 뉴스 수집
# collector.py
class NewsCollector:
def fetch_google_news(self, query="security vulnerability"):
# Google News RSS 피드에서 수집
pass
def fetch_arxiv(self, category="cs.CR"):
# arXiv 보안 논문 수집
pass
def fetch_hackernews(self):
# HackerNews 트렌딩 기사 수집
pass
2단계: AI 기사 선별
# selector.py
class ArticleSelector:
async def evaluate_and_select(self, articles, max_articles=5):
# GLM-4.7으로 기사 품질 평가
# 점수 기반 상위 기사 선별
pass
3단계: 블로그 글 작성
# writer.py
class BlogWriter:
async def generate_article(self, article):
# GLM-4.7으로 블로그 글 작성
# Mermaid 다이어그램 생성
# 마크다운 형식 출력
pass
4단계: Notion 발행
# notion_publisher.py
class NotionPublisher:
def create_article(self, blog_post):
# Notion DB에 Draft 상태로 저장
# 상태: Draft → Review → Approved
pass
5단계: Git 발행 (사용자 승인 후)
# git_publisher_service.py
class GitPublisherService:
def publish(self, blog_posts):
# 마크다운 파일 생성
# Git commit & push
# GitHub Actions 트리거
pass
Cron 스케줄링
매일 08:30 자동 실행
# intelligence_pipeline.py
from apscheduler.schedulers.blocking import BlockingScheduler
scheduler = BlockingScheduler()
scheduler.add_job(run_pipeline, 'cron', hour=8, minute=30)
scheduler.start()
Notion 데이터베이스 구조
필수 속성
| 속성명 | 타입 | 설명 |
|---|---|---|
| 제목 | title | 블로그 글 제목 |
| 상태 | select | Draft/Review/Approved/Published |
| 날짜 | date | 발행일 |
| 태그 | multi_select | 키워드 |
| URL | url | 원문 URL |
| 카테고리 | select | 취약점/연구/트렌드 |
Jekyll 블로그 구조
blog/
├── _posts/
│ ├── 2025-03-09-cve-2025-xxxx-analysis.md
│ ├── 2025-03-09-ai-security-trends.md
│ └── ...
├── _layouts/
│ ├── post.html
│ └── default.html
├── _config.yml
└── .github/
└── workflows/
└── jekyll.yml
트러블슈팅
GLM API Rate Limit
❌ Error: Rate limit reached (429)
해결:
- 자동 재시도 3회
- 60초 대기 후 재시도
Notion API Error
❌ Error: Notion API error
해결:
- API 키 확인
- Database ID 확인
- Integration 권한 확인
Git Push 실패
❌ Error: Git push failed
해결:
- GitHub Token 확인
- 원격 저장소 권한 확인
- 브랜치 확인
파일 구조
intelligence-agent/
├── SKILL.md (이 파일)
├── scripts/
│ ├── intelligence_pipeline.py (메인 파이프라인)
│ ├── collector.py (뉴스 수집)
│ ├── selector.py (AI 기사 선별)
│ ├── writer.py (블로그 글 작성)
│ ├── notion_publisher.py (Notion 발행)
│ ├── git_publisher_service.py (Git 발행)
│ ├── llm_client.py (GLM API 클라이언트)
│ ├── llm_client_async.py (비동기 GLM 클라이언트)
│ ├── prompt_manager.py (프롬프트 관리)
│ ├── prompts.yaml (프롬프트 템플릿)
│ ├── models.py (데이터 모델)
│ ├── utils.py (유틸리티)
│ ├── config.py (설정)
│ └── requirements.txt (의존성)
└── references/
├── architecture.md (상세 아키텍처)
├── prompts_guide.md (프롬프트 가이드)
└── api_reference.md (API 레퍼런스)
환경 변수
필수
GLM_API_KEY # GLM-4.7 API 키
NOTION_API_KEY # Notion API 키
NOTION_DATABASE_ID # Notion 데이터베이스 ID
선택사항
GITHUB_TOKEN # GitHub 개인 액세스 토큰
GITHUB_BLOG_REPO # GitHub 블로그 저장소 (username/repo)
BLOG_LOCAL_PATH # 로컬 블로그 경로
테스트
전체 파이프라인 테스트
python3 test_full_pipeline.py
Mermaid 다이어그램 테스트
python3 test_mermaid_fix.py
참고자료
리소스
scripts/
원본 저장소의 모든 Python 스크립트 포함:
intelligence_pipeline.py- 전체 파이프라인 실행collector.py- 뉴스 수집기selector.py- AI 기사 선별writer.py- 블로그 글 작성notion_publisher.py- Notion 발행git_publisher_service.py- Git 발행llm_client.py- GLM API 클라이언트prompts.yaml- 프롬프트 템플릿
references/
architecture.md- 상세 아키텍처 설명prompts_guide.md- 프롬프트 작성 가이드api_reference.md- API 레퍼런스
Usage Guidance
Before installing or running this skill:
- Treat the package as a third-party repo snapshot that needs manual review — it contains hardcoded user paths (e.g., /Users/rebugui, /Users/nabang) and will try to read .env files from those locations.
- Expect it to require API keys (GLM/Notion) and a GitHub token even though the registry metadata lists none. Verify and set the exact environment variable names the code expects (search for INTELLIGENCE_* vs GLM_API_KEY/NOTION_API_KEY) and remove/rename any references to other users' paths.
- Audit all scripts that call subprocess (git, npx/mermaid-cli) and any filesystem writes (creating posts, logs). These will modify your home/workspace and can push to remote repositories.
- If you want to test: run in an isolated environment (container or dedicated test user) with minimal-scope tokens (restrict GitHub token to the single repo, use Notion integration with scoped DB access), and point BLOG paths to a disposable repo.
- Do not enable background service/launchd or cron scheduling until you confirm configuration, remove hardcoded paths, and are comfortable with automatic pushes to GitHub.
- If you are not comfortable auditing the code, avoid installing or only use a vetted fork from a known source (e.g., the original GitHub repo) and verify environment-variable and path changes before running.
Capability Analysis
Type: OpenClaw Skill
Name: auto-sec-blogger
Version: 1.0.1
The skill bundle is a complex security news aggregator and blogging automation tool that integrates with Notion, GitHub, and Zhipu AI. It is classified as suspicious primarily due to the presence of multiple hardcoded absolute file paths belonging to different local users (e.g., '/Users/rebugui/' and '/Users/nabang/') across several files, including auto_publish_approved.py, git_publisher_service.py, and run_git_publisher.py. These artifacts suggest the code was lifted directly from specific local environments and may behave unpredictably or attempt to access non-existent directories on a new system. Furthermore, the skill requires high-privilege credentials (GITHUB_TOKEN, NOTION_API_KEY) and performs potentially risky operations such as 'git push' and executing remote packages via 'npx' in notion_publisher.py.
Capability Assessment
Purpose & Capability
The files implement the claimed functionality (news collection → LLM generation → Notion draft → Git publish). That matches the description. However, the package appears to be a direct copy of an existing repo repackaged for this skill (references to github.com/rebugui/intelligence-agent) and contains many project-specific defaults and user-home absolute paths which are not appropriate for a generic skill.
Instruction Scope
SKILL.md asks you to set GLM/Notion/GitHub env vars and run scripts, but the actual code reads many environment variables with different names (e.g., INTELLIGENCE_* prefixes) and loads a .env from hardcoded locations. Scripts also instruct and perform actions outside the narrow 'generate a draft' scope: they read/write files in the user home, create logs, convert Mermaid via npx, run git commit/push, and include a background service (launchd) helper. These actions grant broad filesystem, network, and git access beyond a simple content generator.
Install Mechanism
No install spec is provided (instruction-only), so nothing will be automatically downloaded by the skill system. However, the code assumes external tools (git, node/npx, mermaid-cli) and Python dependencies exist and will call subprocesses (npx, git). That implicit reliance on host tooling increases runtime risk if the host environment is not tightly controlled.
Credentials
The registry metadata declares no required env vars, but SKILL.md and code demand multiple secrets (GLM API key, Notion API key/database id, GitHub token, DB path, blog repo path, etc.). There are inconsistent variable names across files (GLM_API_KEY vs INTELLIGENCE_LLM_API_KEY; NOTION_API_KEY vs INTELLIGENCE_NOTION_TOKEN; BLOG_DATABASE_ID vs INTELLIGENCE_BLOG_DATABASE_ID), which can cause the code to load unexpected values or fall back to defaults. Some scripts load a .env from absolute user paths (e.g., '/Users/rebugui/...'), which could accidentally expose local secrets if present.
Persistence & Privilege
The skill does not set always:true, but included scripts are designed to run as background services (git_publisher_service, auto_publish_approved) and to be scheduled (cron/apscheduler). If a user enables them, they will run periodically, access Notion and GitHub, modify local blog repositories, and push to remote origins. Combined with the filesystem and subprocess usage, this capability allows autonomous publishing and persistent activity — so treat service enablement carefully.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install auto-sec-blogger - After installation, invoke the skill by name or use
/auto-sec-blogger - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
auto-sec-blogger 1.1.0 introduces auto-publishing for Notion-approved posts.
- Added scripts/auto_publish_approved.py to enable automatic publishing of blog posts after Notion approval.
- Updated SKILL.md with new version and enhancements.
- Improved configuration in scripts/config.py.
- Enhanced publishing workflow in scripts/publish_github.py and scripts/run_pipeline.py.
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is Auto Sec Blogger?
Collects security news from multiple sources, generates expert-level blog posts with GLM-4.7, publishes drafts to Notion, and auto-deploys approved posts to... It is an AI Agent Skill for Claude Code / OpenClaw, with 374 downloads so far.
How do I install Auto Sec Blogger?
Run "/install auto-sec-blogger" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Auto Sec Blogger free?
Yes, Auto Sec Blogger is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Auto Sec Blogger support?
Auto Sec Blogger is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Auto Sec Blogger?
It is built and maintained by rebugui (@rebugui); the current version is v1.0.1.
More Skills