← Back to Skills Marketplace
330
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install v2ex-monitor
Description
监控指定 V2EX 节点的新帖与提醒,生成 Markdown 汇总报告,支持 MCP 查询和定时拉取数据。
Usage Guidance
This skill appears to implement exactly what it claims (monitor V2EX nodes, fetch notifications, generate Markdown reports, and expose MCP tools) and it only needs a V2EX API key stored in a local config file. However, before installing or running it: 1) Review and fix the code that disables TLS verification (search for ssl.CERT_NONE and ctx.check_hostname=False) — enable proper certificate validation to avoid MITM exposure of your API key and data. 2) Inspect and fix the obvious code issues (incomplete identifiers like load_con and _n) and run the scripts in a sandbox to confirm behavior. 3) Keep your V2EX API key private (the skill stores it in a local JSON file in the skill directory). 4) If you plan to let agents invoke the MCP interface automatically, be aware that any agent or integration that can call the MCP tools will be able to use your configured API key; only enable MCP/stdio for trusted agents. If you want, I can point to the exact lines that disable SSL verification and suggest secure replacements.
Capability Analysis
Type: OpenClaw Skill
Name: v2ex-monitor
Version: 1.0.0
The V2EX Monitor skill bundle contains a significant security vulnerability where SSL certificate verification is explicitly disabled in both `v2ex_mcp.py` and `v2ex_monitor.py` (`ssl.CERT_NONE`). This high-risk behavior exposes users to Man-in-the-Middle (MITM) attacks when communicating with the V2EX API. While the code's logic aligns with its stated purpose of forum monitoring and lacks clear evidence of intentional malice or data exfiltration to third-party domains, the deliberate bypass of standard security protocols warrants a suspicious classification.
Capability Assessment
Purpose & Capability
Name, description, SKILL.md, and the provided scripts consistently implement V2EX node monitoring, notification fetching, report generation, and an MCP toolset. Required capabilities (API key stored in a config file) are proportional to the stated purpose.
Instruction Scope
Runtime instructions stick to the stated task (configure API key, run monitor, start MCP). The skill reads/writes local files inside its skills directory (config and seen_* files) and only calls the declared V2EX API endpoints. However, the runtime code disables SSL certificate verification for HTTP requests in multiple places which expands the attack surface (MITM risk) and is not warranted by the stated purpose.
Install Mechanism
No install script; instruction-only install guidance and requirements.txt are provided. Dependencies (urllib3, requests, mcp, pydantic) are sensible for the functionality. No downloads from untrusted URLs or archive extraction.
Credentials
The skill does not request environment variables or unrelated credentials. It requires a V2EX API key, stored in a local JSON config file—this is appropriate and minimal for the functionality.
Persistence & Privilege
always is false and the skill only writes files under its own directory (config and seen_* data). It does not request global agent configuration or other skills' credentials. Autonomous invocation is enabled by default but not excessive here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install v2ex-monitor - After installation, invoke the skill by name or use
/v2ex-monitor - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
V2EX Monitor Skill 1.0.0 — First release
- Monitor specified V2EX nodes for new posts and notifications.
- Generates Markdown summary reports and saves tracking data to avoid duplicates.
- Provides both command-line tools and MCP service entry for seamless integration with AI Agents and automation tools.
- Modular structure with clear configuration, supporting both direct and MCP-based invocation.
- No API key included—user must configure their own.
Metadata
Frequently Asked Questions
What is v2ex-monitor?
监控指定 V2EX 节点的新帖与提醒,生成 Markdown 汇总报告,支持 MCP 查询和定时拉取数据。 It is an AI Agent Skill for Claude Code / OpenClaw, with 330 downloads so far.
How do I install v2ex-monitor?
Run "/install v2ex-monitor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is v2ex-monitor free?
Yes, v2ex-monitor is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does v2ex-monitor support?
v2ex-monitor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created v2ex-monitor?
It is built and maintained by minglu6 (@minglu6); the current version is v1.0.0.
More Skills