← 返回 Skills 市场

Ai Daily

Name: Ai Daily
Author: yanhe

作者 yanhe · GitHub ↗ · v1.2.0

cross-platform ⚠ suspicious

482

总下载

当前安装

版本数

在 OpenClaw 中安装

/install ai-daily-cn

功能描述

AI 日报 - 自动抓取 LLM/Agent 领域热点信息，生成结构化中文简报。

使用说明 (SKILL.md)

AI Daily - AI 大模型日报

自动从多个异构信息源抓取、筛选、提炼大模型（LLM）和智能体（Agent）领域的 Top 级热点信息与核心论文，生成结构化中文简报。

命令

生成日报

bash {baseDir}/scripts/generate.sh
bash {baseDir}/scripts/generate.sh --date 2026-02-26

查看今日简报

bash {baseDir}/scripts/view.sh today
bash {baseDir}/scripts/view.sh 2026-02-26

手动触发（通过 OpenClaw）

/ai-daily generate

数据源

官方实验室与博客

OpenAI, Anthropic, Google DeepMind, Meta AI, Mistral AI, Qwen, AWS ML

深度技术媒体

The Batch, Hugging Face, 机器之心，量子位，Distill

X (Twitter) KOL 追踪

karpathy, ylecun, _akhaliq 等（通过 Tavily Search）

学术论文

arXiv: cs.CL, cs.AI, cs.LG 分类

输出

每日生成 Markdown 格式简报，包含：

📌 核心大事件总结
🏢 官方框架更新
💬 KOL 前沿观点
📚 必读硬核论文

配置

编辑 {baseDir}/config/sources.json 自定义数据源。

定时任务

建议配置每日 08:00 自动执行：

# crontab -e
0 8 * * * cd /path/to/ai-daily && bash scripts/generate.sh

或在 OpenClaw 中使用 cron skill 设置。

安全使用建议

What to check before installing or running: - Review and fix undeclared env vars: the code calls an Alibaba LLM endpoint using ALIBABA_CLOUD_API_KEY but SKILL.md/registry metadata does not declare it. If you plan to use remote LLMs, only set that secret after you understand what data will be sent. - Do not run push-to-dingtalk.sh until you verify the destination: the script contains a hard-coded OpenClaw/DingTalk session id; running it will send report contents to that session. Remove or replace the session id with your own, or avoid running the script. - Fix TLS settings: ai_daily.py disables SSL verification (ssl.CERT_NONE); this permits silent man-in-the-middle attacks. Update the code to use default SSL verification (do not set verify_mode to CERT_NONE and keep check_hostname True) before running on sensitive networks. - Ensure required binaries are declared and present: the scripts call the 'openclaw' CLI in push/generation examples but the skill only declares python3 and curl. If you don't have OpenClaw CLI configured, those commands will fail; if you do, be aware they can transmit messages. - Consider running in an isolated environment first (container or sandbox) and inspect logs to confirm what external endpoints receive your data. If you need the skill but not external pushes or remote LLM calls, edit the code to disable push scripts and/or the call_llm function and run in 'local-only' / debug mode. - If you are unsure, ask the skill author to (1) explicitly declare all env vars the code uses (including ALIBABA_CLOUD_API_KEY), (2) remove hard-coded session ids or make them configurable, and (3) re-enable proper SSL verification and document why network calls are necessary.

功能分析

Type: OpenClaw Skill Name: ai-daily-cn Version: 1.2.0 The skill is classified as suspicious primarily due to a critical vulnerability in `scripts/ai_daily.py`. It disables SSL certificate verification (`ssl.CERT_NONE`) for all network requests, making it highly susceptible to Man-in-the-Middle (MITM) attacks. An attacker could intercept and inject malicious content into RSS feeds or API responses, potentially compromising the system. While there is no evidence of intentional malicious behavior like data exfiltration or unauthorized remote control, this severe vulnerability poses a significant security risk, allowing external attacks.

能力评估

⚠ Purpose & Capability

The name/description (collect RSS/Tavily/arXiv and produce a daily report) aligns with the code and scripts, but there are mismatches: the runtime uses an ALIBABA_CLOUD_API_KEY for LLM calls (seen in config/prompts.md and ai_daily.py) but SKILL.md's declared env metadata only lists TAVILY_API_KEY and GITHUB_TOKEN. The scripts also invoke the openclaw CLI ('openclaw sessions send' / 'openclaw cron add'), yet 'openclaw' is not listed as a required binary in SKILL.md or registry metadata. These omissions are incoherent with the declared requirements.

⚠ Instruction Scope

Runtime instructions and included scripts perform network fetches (RSS, Tavily, arXiv) and call an external LLM endpoint (Alibaba dashscope). The code reads environment variables (TAVILY_API_KEY, GITHUB_TOKEN, and ALIBABA_CLOUD_API_KEY) — but ALIBABA_CLOUD_API_KEY is used without being declared in SKILL.md. There is also a push-to-dingtalk.sh that will send report content to an OpenClaw session with a hard-coded session id (agent:main:dingtalk:group:cid+...), meaning if that script is executed it will post data to that session/channel. The SKILL.md instructions do not fully call out those behaviors or the undeclared env var use.

✓ Install Mechanism

There is no remote download/install step (instruction-only plus bundled scripts). No archive downloads or external installers are executed during install. That reduces supply-chain risk compared to skills that fetch arbitrary code at install time.

⚠ Credentials

The code expects multiple optional API keys (TAVILY_API_KEY, GITHUB_TOKEN, ALIBABA_CLOUD_API_KEY / ALIBABA key), but the SKILL.md metadata omitted ALIBABA_CLOUD_API_KEY and the registry lists no required env vars. The ALIBABA key grants remote LLM access to content the skill processes (report text, scraped content) — that is a powerful credential and should be explicitly declared. The push script can transmit report fragments to an external session/channel without prompting for credentials in the skill metadata.

ℹ Persistence & Privilege

The skill is not always-enabled and does not request special platform privileges. However, it contains an optional push script that will send report contents to a pre-configured OpenClaw/DingTalk session id (hard-coded). That is not automatic by default, but the presence of an embedded session identifier is a privacy/safety concern and should be reviewed before running push-to-dingtalk.sh. The skill does not modify other skills or system-wide configs.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install ai-daily-cn
安装完成后，直接呼叫该 Skill 的名称或使用 /ai-daily-cn 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.2.0

No file changes detected in this version. - Version number updated to 1.2.0, but no code or documentation changes are present. - No new features, fixes, or enhancements introduced.

v1.1.0

- Initial public release of ai-daily-cn. - Automatically gathers and summarizes top trending news and research in the LLM/Agent space in Chinese. - Supports multiple data sources: official labs, tech blogs, X (Twitter) KOLs, and relevant arXiv categories. - Structured daily report output in Markdown, including major events, framework updates, expert insights, and key papers. - Provides command-line and manual trigger options, as well as configuration for custom data sources and scheduled tasks.

元数据

Slug ai-daily-cn

版本 1.2.0

许可证 —

累计安装 5

当前安装数 5

历史版本数 2

常见问题

Ai Daily 是什么？

AI 日报 - 自动抓取 LLM/Agent 领域热点信息，生成结构化中文简报。它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 482 次。

如何安装 Ai Daily？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install ai-daily-cn」即可一键安装，无需额外配置。

Ai Daily 是免费的吗？

是的，Ai Daily 完全免费（开源免费），可自由下载、安装和使用。

Ai Daily 支持哪些平台？

Ai Daily 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Ai Daily？

由 yanhe（@yanhe）开发并维护，当前版本 v1.2.0。