Security News Feed Repo

Collects and summarizes Korean security news hourly from 11 sources using Gemini API, then publishes to Notion and optionally to Tistory blog.

What to consider before installing or running this skill: 1) Do not run it with real credentials until you audit the code. The skill bundle and SKILL.md are inconsistent with the registry: the package declares no required env vars, but the code expects many sensitive keys (Gemini/GLM/ZAI, NOTION_API_KEY, Notion DB IDs, TISTORY tokens, Slack webhook, Chrome profile dir). Provide only minimal, least-privilege test tokens if you must run it. 2) Inspect how it loads configuration. Multiple scripts explicitly read ~/.openclaw/workspace/.env and search parent directories for .env. That means it may pick up host environment secrets unintentionally. Either run it in an isolated environment (throwaway VM/container) or ensure there are no sensitive secrets in those locations. 3) The SKILL.md instructs cloning an external GitHub repo (URL differs from some file paths in the bundle). Confirm the authoritative source and check commit history and repo owner. If you clone externally, review requirements.txt and the code for unexpected network endpoints before pip install. 4) Beware of persistent local state: the skill creates SQLite caches and log files in data/ and may create Notion test pages. If you are concerned about data exfiltration, run in a sandboxed container without network or with restricted outbound access. 5) The SKILL.md contained a prompt-injection signal (unicode control chars). Open SKILL.md in a hex-aware editor to see hidden characters; remove or sanitize them before giving it to an LLM or executing documentation-driven scripts. 6) To reduce risk if you want to try it: - Disable publishing (set ENABLE_NOTION_PUBLISHING / ENABLE_TISTORY_PUBLISHING to false) and run only crawler+local summary. - Use a dedicated Notion integration with minimal permissions and an empty test database if you must test publishing. - Prefer running in an ephemeral container/VM, with no access to your real ~/.env, and network egress rules restricting unexpected hosts. - Search the code for any hardcoded IDs/URLs (e.g., the check_notion.py has a hardcoded database_id) and confirm they are safe to use or remove them. 7) If you lack the ability to audit the code yourself, consider not installing this skill or ask for an audited copy from a trusted source. The inconsistencies (undeclared env vars, host .env reads, external clone instruction, prompt-injection pattern) are legitimate red flags that warrant caution.

Type: OpenClaw Skill Name: security-news-feed-repo Version: 1.0.1 The skill bundle is a comprehensive security news aggregator designed to collect, summarize, and publish updates from various Korean security sources. It utilizes standard libraries for web scraping (BeautifulSoup, Selenium) and API interactions (Notion, Gemini/GLM). While it employs `subprocess.run` to execute `curl` in `modules/crawlers/skshieldus.py` and uses Selenium for browser automation in `modules/tistory_handler.py`, these actions are technically justified by the stated goals of bypassing crawling restrictions and automating blog posts. The code is well-structured, and no evidence of malicious intent, such as credential theft or unauthorized data exfiltration, was identified.