zer0yu

Sec Daily Digest

by z3r0yu · GitHub ↗ · v0.2.1
cross-platform · ⚠ suspicious
Downloads: 497 · Stars: 1 · Active Installs: 4 · Versions: 3
Install in OpenClaw
/install sec-daily-digest
Description
Fetches latest articles from CyberSecurityRSS OPML feeds, applies AI/rule-based scoring, merges CVE and major vulnerability events, and generates a bilingual...
Usage Guidance
What to consider before installing:
- Provenance: the skill lists Source: unknown and has no homepage; prefer code from a known, verifiable repository or maintainer.
- Credential exposure: despite registry metadata claiming no env vars, the SKILL.md and code require API keys (OpenAI, Gemini, Anthropic) and optionally Twitter keys. Only provide credentials you trust and limit their scope/permissions (use read-only or scoped keys where possible).
- Data leakage: article full-text excerpts and prompts are sent to whichever AI provider you configure. If you will be processing any sensitive content, avoid sending it to third-party LLMs or use a local provider (Ollama) if suitable.
- Persistent state: the skill creates ~/.sec-daily-digest and stores archives, health logs, and sources.yaml. If you want to sandbox it, set SEC_DAILY_DIGEST_HOME to a dedicated directory with limited access.
- Testing: use --dry-run and --no-twitter first to validate behavior without making AI calls or contacting Twitter. Inspect and, if desired, run the test suite (bun test) locally before scheduling automatic runs.
- Email behavior: the skill calls an external gog CLI for sending email if --email is used; that requires installing and authorizing gog separately.
- If you are unsure: review the source code (providers and fetch/enrich code) yourself or ask the author for a trustworthy upstream repository; avoid supplying high-value credentials until provenance is verified.
Capability Analysis
Type: OpenClaw Skill
Name: sec-daily-digest
Version: 0.2.1
The sec-daily-digest skill bundle is a legitimate and well-structured tool designed to generate cybersecurity digests from RSS feeds and Twitter/X sources. It utilizes AI providers (OpenAI, Gemini, Claude, Ollama) for scoring, classification, and summarization, and includes robust features such as historical deduplication, vulnerability event merging, and source health monitoring. The code is transparent, includes an extensive test suite, and lacks any indicators of malicious intent, such as secret exfiltration, unauthorized persistence, or obfuscated payloads. All network activities (fetching RSS/Twitter data and AI API calls) and file operations (writing to ~/.sec-daily-digest) are consistent with its stated purpose of providing security researchers with curated technical intelligence.
Capability Assessment
Purpose & Capability
The SKILL.md and source code clearly require AI provider credentials (OPENAI_API_KEY, GEMINI_API_KEY, ANTHROPIC_API_KEY) and optionally Twitter API keys, and write/read persistent state under ~/.sec-daily-digest. However the registry metadata lists no required env vars or credentials; that mismatch is a red flag. The code's functionality (RSS + Twitter fetching, AI scoring, full-text enrichment, archive & health state, email via gog) is coherent with the described purpose, but the absence of declared credentials in the manifest is inconsistent and unexplained. Also the skill's Source is 'unknown' and there is no homepage, which reduces provenance confidence.
Instruction Scope
The runtime instructions and code perform network fetches (OPML updates, RSS feeds, Twitter backends, full-text HTML fetches) and call third‑party AI APIs with article content. They also create/modify files under ~/.sec-daily-digest (config.yaml, sources.yaml, health.json, archive/*.json) and may invoke the gog CLI for email delivery. These actions are expected for a digest tool, but they do persist data locally and transmit article content to external LLM APIs (which could include sensitive text). There are no instructions that read unrelated system secrets, but SKILL.md/code do access environment variables (not declared in registry).
Install Mechanism
No install spec is provided (instruction-only from the registry perspective) and there are no fetched install artifacts. The package contains source code (TypeScript) and tests but no automatic network installer; risk from install mechanism is low. Note: runtime operations perform HTTP calls and write to disk when executed.
Credentials
The manifest claims no required env vars, but SKILL.md and code require multiple provider keys (OPENAI_API_KEY, GEMINI_API_KEY, ANTHROPIC_API_KEY) and optional Twitter credentials (TWITTERAPI_IO_KEY, X_BEARER_TOKEN). Requiring multiple unrelated provider credentials without declaring them in the registry is disproportionate and inconsistent. The skill will send article content and excerpts to whichever AI provider you configure, which is appropriate for scoring but means those provider keys should be scoped and treated as sensitive. SEC_DAILY_DIGEST_HOME controls state dir and is appropriate.
Persistence & Privilege
The skill writes persistent state to ~/.sec-daily-digest (config, sources, health, archives, opml cache). 'always' is false (normal). Persistent storage and the ability to run on a schedule/cron are expected for this use-case, but combined with network access and API credentials it increases the blast radius if credentials are leaked or the skill is malicious. The skill does not appear to modify other skills' configs or request elevated system privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install sec-daily-digest
  3. After installation, invoke the skill by name or use /sec-daily-digest
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.2.1
**Sec Daily Digest v0.2.1: Big update—adds Twitter/X KOL support, archive deduplication, source health monitoring, full-text enrichment, email delivery, and robust configuration.**
- Integrates Twitter/X KOL feeds with dynamic backend selection (supports twitterapi.io and official API).
- Adds article archive for 7d deduplication and scoring; keeps historical logs with auto-expiry.
- Implements source health monitoring and “Health Warnings” section in reports.
- Supports email delivery via `gogcli` with new `--email` CLI flag.
- Introduces full-text enrichment option (`--enrich`) and skipping logic for paywalled or social sites.
- Configuration expanded: new `sources.yaml` for Twitter KOLs; improved CLI and env var control.
- Pipeline and CLI enhanced with stricter fallback logic, new options, improved logging, and detailed output/statistics.
- Adds comprehensive test coverage and new utility modules for Twitter, archiving, email, and health tracking.
v0.2.0
Version 0.2.0
- Introduced modular AI pipeline stages: highlights, scoring, and summary
- Added AI parsing and prompt handling modules for better structure
- Expanded and updated end-to-end and unit tests for new pipeline stages
- Improved markdown report generation logic
- Updated documentation for new pipeline design and usage
v0.1.0
Initial release of sec-daily-digest.
- Fetches latest articles from CyberSecurityRSS OPML feeds, applies AI/rule-based scoring, and generates a bilingual daily digest for cybersecurity researchers.
- Merges articles related to the same CVE or major vulnerability events using semantic clustering and groups all reference links.
- Configurable command-line options: provider, OPML feed, time range, output path, and top-N selection.
- Supports multiple AI providers: OpenAI (default), Gemini, Claude, and Ollama.
- Outputs digest structured as "AI发展", "安全动态", "漏洞专报" sections with key stats displayed in terminal.
Metadata
Slug sec-daily-digest
Version 0.2.1
License
All-time Installs 5
Active Installs 4
Total Versions 3
Frequently Asked Questions

What is Sec Daily Digest?

Fetches latest articles from CyberSecurityRSS OPML feeds, applies AI/rule-based scoring, merges CVE and major vulnerability events, and generates a bilingual... It is an AI Agent Skill for Claude Code / OpenClaw, with 497 downloads so far.

How do I install Sec Daily Digest?

Run "/install sec-daily-digest" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Sec Daily Digest free?

Yes, Sec Daily Digest is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Sec Daily Digest support?

Sec Daily Digest is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Sec Daily Digest?

It is built and maintained by z3r0yu (@zer0yu); the current version is v0.2.1.
