← 返回 Skills 市场
122
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install ai-hotspot-daily
功能描述
全网热点聚合 - 微博/知乎/抖音/新闻热榜自动抓取,生成 AI 友好格式的每日热点日报
使用说明 (SKILL.md)
全网热点聚合技能
自动抓取各大平台热榜,生成 AI 友好的热点日报,让 AI 知道今天发生了什么!
🎯 功能特性
- 🔥 多平台热榜 - 微博/知乎/抖音/百度/36 氪等
- 📊 智能去重 - 合并相似热点
- 📝 AI 友好格式 - 结构化数据,AI 易解析
- 📅 定时生成 - 每日 8:00 自动发布
- 💬 对话建议 - 提供 AI 回应建议
- 📈 情绪分析 - 网友情绪倾向
📦 数据源
| 平台 | 更新频率 | 抓取数量 | 优先级 |
|---|---|---|---|
| 微博热搜 | 10 分钟 | TOP50 | ⭐⭐⭐⭐⭐ |
| 知乎热榜 | 5 分钟 | TOP50 | ⭐⭐⭐⭐⭐ |
| 抖音热榜 | 分钟级 | TOP50 | ⭐⭐⭐⭐ |
| 百度热搜 | 实时 | TOP50 | ⭐⭐⭐⭐ |
| 36 氪 | 小时级 | TOP20 | ⭐⭐⭐⭐ |
| 虎嗅 | 小时级 | TOP20 | ⭐⭐⭐ |
| 新华网 | 小时级 | TOP10 | ⭐⭐⭐⭐ |
🚀 快速开始
1. 安装技能
clawhub install hotspot-aggregator
2. 配置(可选)
mkdir -p ~/.openclaw/hotspot
cat > ~/.openclaw/hotspot/config.json \x3C\x3C 'EOF'
{
"sources": ["weibo", "zhihu", "douyin", "36kr"],
"topN": 20,
"notifyUser": "你的微信 [email protected]"
}
EOF
3. 使用
# 获取今日热点
hotspot-aggregator today
# 获取昨日热点
hotspot-aggregator yesterday
# 生成日报并发送
hotspot-aggregator daily-report
# 指定平台
hotspot-aggregator --source weibo,zhihu
📝 输出格式
Markdown 日报(给人看)
# 🔥 每日热点 - 2026-03-23
## 微博热搜 TOP10
1. 某明星离婚 🔥 讨论 500 万
2. 某公司发布新产品 📱 讨论 300 万
...
## 知乎热榜 TOP10
1. 如何评价 XXX 事件?
2. XXX 是什么体验?
...
JSON 数据(给 AI 看)
{
"date": "2026-03-23",
"sources": [
{
"name": "微博热搜",
"items": [
{
"rank": 1,
"title": "某明星离婚",
"hot_value": 5000000,
"keywords": ["离婚", "财产分割"],
"sentiment": "吃瓜",
"ai_suggestion": "保持中立,不站队"
}
]
}
]
}
🔧 技术实现
核心流程
1. 定时触发(每日 7:00)
↓
2. 并发抓取各平台热榜
↓
3. 数据清洗 + 去重
↓
4. 情绪分析 + 回应建议
↓
5. 生成 Markdown + JSON
↓
6. 发布到公众号 + 存入向量库
↓
7. AI 可以消费了!
抓取示例
// 微博热搜
async function fetchWeibo() {
const rss = await fetch('https://rsshub.app/weibo/search/hot');
const items = await parseRSS(rss);
return items.slice(0, 50).map(item => ({
rank: items.indexOf(item) + 1,
title: item.title,
hot_value: extractHotValue(item),
url: item.link
}));
}
// 知乎热榜
async function fetchZhihu() {
const rss = await fetch('https://rsshub.app/zhihu/hotlist');
const items = await parseRSS(rss);
return items.slice(0, 50).map(item => ({
rank: items.indexOf(item) + 1,
title: item.title,
answer_count: item.answer_count,
url: item.link
}));
}
📅 定时任务
每日 7:00 抓取
openclaw cron create \
--schedule "0 7 * * *" \
--command "hotspot-aggregator fetch"
每日 8:00 发布
openclaw cron create \
--schedule "0 8 * * *" \
--command "hotspot-aggregator publish"
🦆 AI 消费指南
如何引用热点
当用户提到热点事件时:
- 检索 - 从向量库查找相关热点
- 提取 - 获取关键信息(时间/地点/人物)
- 陈述 - 客观描述事实
- 建议 - 提醒核实信息
对话示例
用户:"今天那个明星离婚的事你怎么看?"
AI 检索 → 匹配到"微博热搜#1"
AI 回复:
"看到了,今天微博热搜第一。目前已知信息:
- 双方已发布声明
- 涉及财产分割和孩子抚养
- 网友讨论约 500 万次
这件事比较复杂,建议等官方消息,
我们吃瓜就好,不要太站队~"
⚠️ 注意事项
- 信息准确性 - 提醒用户核实
- 敏感话题 - 不涉及政治敏感
- 情绪引导 - 保持客观中立
- 版权尊重 - 注明来源
📊 后续计划
v1.1(1 周后)
- 情绪分析增强
- 更多数据源
- 实时推送
v2.0(1 月后)
- 付费订阅 API
- 企业舆情监控
- 行业报告生成
许可证
MIT-0 License
安全使用建议
What to consider before installing:
- Hardcoded paths: The scripts write/read data to /home/lin/.openclaw/... (a specific developer home). On your machine this will likely fail or, worse, read/overwrite other users' or system files if that path exists. Expect to edit the scripts to use relative or configurable paths (use process.env.HOME or the skill's install directory consistently).
- Messaging behavior: The report-sender constructs and runs an openclaw CLI command using a hardcoded bot account id and the notifyUser value. That means the skill will run shell commands on your system and attempt to send messages via your openclaw configuration. If notifyUser contains special characters, the constructed command could be abused for shell injection. Before running, sanitize/validate notifyUser and consider replacing execSync calls with safe programmatic APIs.
- Missing dependency declarations: generate-daily-report.js uses require('deasync') but package.json has no dependencies. The skill may crash at runtime or prompt you to install extra modules. Review and add proper dependency declarations.
- Privilege/scope mismatch: The skill does not request credentials but relies on the presence and configuration of the openclaw CLI and a messaging account. Confirm what account the CLI will use and whether you are comfortable the skill can trigger messages via your environment.
- Mitigations: Inspect and edit the code before installation: fix hardcoded /home/lin paths to use a configurable data directory, remove or safely escape shell command construction, declare and install required Node dependencies in package.json, and confirm the openclaw account id and permissions. Run the skill in a sandbox/container or a throwaway account first.
Given these mismatches and risks (file path assumptions, shell command construction, and undeclared deps), the skill is suspicious but not clearly malicious; manual code corrections and tighter runtime safety are recommended before use.
功能分析
Type: OpenClaw Skill
Name: ai-hotspot-daily
Version: 1.0.0
The skill bundle contains a command injection vulnerability in 'scripts/generate-daily-report.js' where news headlines are passed to a shell command via 'execSync' with insufficient sanitization (only escaping double quotes). Additionally, both 'scripts/fetch-hotspots.js' and 'scripts/generate-daily-report.js' contain hardcoded absolute file paths (e.g., '/home/lin/...') which suggests poor portability and potential developer oversight. While the code appears to fulfill its stated purpose of aggregating news via RSSHub, the lack of input validation on external data makes it vulnerable to exploitation.
能力评估
Purpose & Capability
The skill's name/description (hotspot aggregator) matches the code: it fetches RSS feeds, deduplicates, and generates reports. However, the runtime scripts write/read data to a hardcoded /home/lin/.openclaw/... path rather than relative or configurable locations, which is disproportionate and inconsistent with a general-purpose skill intended for arbitrary users. The package.json/install.sh imply installation under the skill directory or user home (~/.openclaw/hotspot), but the scripts persist data into another user's (or developer's) path — this mismatch is unexpected and suspicious.
Instruction Scope
The SKILL.md and scripts instruct network requests to public RSS endpoints (expected) but the code also reads/writes files in /home/lin/.openclaw/extensions/openclaw-weixin/skills/hotspot-aggregator/data (a location outside the skill bundle) and reads ~/.openclaw/hotspot/config.json. generate-daily-report.js also invokes the openclaw CLI to send messages. These file writes/reads and the arbitrary CLI invocation expand the scope beyond simple fetching/formatting and could interact with other OpenClaw components or users' environments.
Install Mechanism
This is an instruction-and-script skill (no remote download). install.sh creates ~/.openclaw/hotspot and sets script executable bits — low install risk. There is no network-based installer or download URL. However, package.json defines an install script which will run install.sh if npm install is used; that is expected but worth noting because it writes config files automatically.
Credentials
The skill declares no required env vars or credentials, yet it relies on: (1) availability of the openclaw CLI and its configured accounts, (2) a hardcoded messaging account id ('d72d5b576646-im-bot') used when sending messages, and (3) process.env.HOME in part but also a hardcoded /home/lin path in other parts. The messaging command is constructed using string interpolation with notifyUser inserted into a shell command (potential command-injection risk if notifyUser is attacker-controlled). Also the code requires 'deasync' at runtime but package.json has no dependencies listed — runtime failures or unexpected behavior may occur. Asking no credentials while using an internal CLI and hardcoded account is disproportionate and surprising.
Persistence & Privilege
always is false (good), and the skill does not declare privileged flags. However, the scripts write into /home/lin/.openclaw/extensions/openclaw-weixin/skills/... which is an area that may belong to other extensions or the platform; the skill could therefore create or overwrite files there. This file placement is unexpected for a skill and increases persistence/impact if misused. The skill does not modify other skills' configs explicitly, but the file path choice is concerning.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install ai-hotspot-daily - 安装完成后,直接呼叫该 Skill 的名称或使用
/ai-hotspot-daily触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
hotspot-aggregator v1.0.0 初始发布
- 聚合微博、知乎、抖音、百度、36氪等平台热榜,每日自动生成热点日报。
- 提供结构化、AI 友好的输出格式(Markdown/JSON),包含情绪分析及对话建议。
- 支持定时抓取、去重、抓取配置和按平台筛选。
- 适用于个人、AI 对话助手、内容分析等场景。
元数据
常见问题
Hotspot Aggregator 是什么?
全网热点聚合 - 微博/知乎/抖音/新闻热榜自动抓取,生成 AI 友好格式的每日热点日报. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 122 次。
如何安装 Hotspot Aggregator?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install ai-hotspot-daily」即可一键安装,无需额外配置。
Hotspot Aggregator 是免费的吗?
是的,Hotspot Aggregator 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Hotspot Aggregator 支持哪些平台?
Hotspot Aggregator 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Hotspot Aggregator?
由 linzmin(@linzmin)开发并维护,当前版本 v1.0.0。
推荐 Skills