← 返回 Skills 市场
rebugui

Auto Sec Blogger Repo

作者 rebugui · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
295
总下载
0
收藏
1
当前安装
2
版本数
在 OpenClaw 中安装
/install auto-sec-blogger-repo
功能描述
Collects security news from multiple sources, generates expert-level blog posts with GLM-4.7, publishes drafts to Notion, and auto-deploys approved posts to...
使用说明 (SKILL.md)

Intelligence Agent

개요

보안 뉴스를 자동으로 수집하고, LLM(GLM-4.7)을 사용하여 전문가 수준의 블로그 글을 작성한 후, Notion과 GitHub Pages에 자동으로 게시하는 시스템입니다.

GitHub 저장소와 동일: https://github.com/rebugui/intelligence-agent

아키텍처

뉴스 수집 (Google News, arXiv, HackerNews)
    ↓
GLM-4.7 글 작성 (전문 보안 블로그)
    ↓
Notion Draft 저장 (상태: Draft)
    ↓
사용자 검토 및 승인 (Human-in-the-Loop)
    ↓
Git Push → GitHub Actions → GitHub Pages

주요 기능

1. 뉴스 수집 (News Collection)

  • Google News: 키워드 기반 보안 뉴스 수집
  • arXiv: 최신 보안 연구 논문 수집
  • HackerNews: 트렌딩 기술 뉴스 수집
  • 중복 제거: URL 기반 중복 뉴스 필터링

2. LLM 글쓰기 (Content Generation)

  • 모델: GLM-4.7 (Zhipu AI)
  • 스타일: 전문 보안 블로그
  • 구조:
    • 제목 (헤드라인)
    • 요약 (3줄 요약)
    • 본문 (상세 분석)
    • 결론 (시사점)
    • 태그 (키워드)
  • Mermaid 다이어그램: 공격 흐름, 아키텍처 시각화

3. Notion 통합 (Notion Integration)

  • 상태 관리: Draft → Review → Approved → Published
  • 자동 저장: 생성된 글 자동 저장
  • 사용자 승인: Notion에서 상태 변경으로 배포 승인

4. Git 기반 발행 (Git Publishing)

  • 자동 커밋: 마크다운 파일 Git에 커밋
  • GitHub Actions: 자동 Jekyll 빌드
  • GitHub Pages: 정적 블로그 배포

설치

1. 의존성 설치

cd ~/.openclaw/workspace/skills/intelligence-agent/scripts
pip3 install -r requirements.txt

2. 환경 변수 설정

# ~/.openclaw/workspace/.env

# GLM API
GLM_API_KEY=your_glm_api_key
GLM_BASE_URL=https://api.z.ai/api/coding/paas/v4

# Notion
NOTION_API_KEY=ntn_xxx
NOTION_DATABASE_ID=xxx

# GitHub Pages
GITHUB_TOKEN=ghp_xxx
GITHUB_BLOG_REPO=username/username.github.io
BLOG_LOCAL_PATH=/path/to/blog/repo

사용법

1. 전체 파이프라인 실행 (테스트용)

cd ~/.openclaw/workspace/skills/intelligence-agent/scripts
python3 intelligence_pipeline.py --max-articles 5

2. 뉴스 수집만

from collector import NewsCollector

collector = NewsCollector()
articles = collector.fetch_all(max_results_per_source=15)

3. 블로그 글 작성만

from writer import BlogWriter

writer = BlogWriter()
post = writer.generate_article(article_data)

4. Notion 발행만

from notion_publisher import NotionPublisher

publisher = NotionPublisher()
result = publisher.create_article(blog_post)

5. Git 발행만

from git_publisher_service import GitPublisherService

git_publisher = GitPublisherService()
git_publisher.publish(blog_posts)

워크플로우 상세

1단계: 뉴스 수집

# collector.py
class NewsCollector:
    def fetch_google_news(self, query="security vulnerability"):
        # Google News RSS 피드에서 수집
        pass

    def fetch_arxiv(self, category="cs.CR"):
        # arXiv 보안 논문 수집
        pass

    def fetch_hackernews(self):
        # HackerNews 트렌딩 기사 수집
        pass

2단계: AI 기사 선별

# selector.py
class ArticleSelector:
    async def evaluate_and_select(self, articles, max_articles=5):
        # GLM-4.7으로 기사 품질 평가
        # 점수 기반 상위 기사 선별
        pass

3단계: 블로그 글 작성

# writer.py
class BlogWriter:
    async def generate_article(self, article):
        # GLM-4.7으로 블로그 글 작성
        # Mermaid 다이어그램 생성
        # 마크다운 형식 출력
        pass

4단계: Notion 발행

# notion_publisher.py
class NotionPublisher:
    def create_article(self, blog_post):
        # Notion DB에 Draft 상태로 저장
        # 상태: Draft → Review → Approved
        pass

5단계: Git 발행 (사용자 승인 후)

# git_publisher_service.py
class GitPublisherService:
    def publish(self, blog_posts):
        # 마크다운 파일 생성
        # Git commit & push
        # GitHub Actions 트리거
        pass

Cron 스케줄링

매일 08:30 자동 실행

# intelligence_pipeline.py
from apscheduler.schedulers.blocking import BlockingScheduler

scheduler = BlockingScheduler()
scheduler.add_job(run_pipeline, 'cron', hour=8, minute=30)
scheduler.start()

Notion 데이터베이스 구조

필수 속성

속성명 타입 설명
제목 title 블로그 글 제목
상태 select Draft/Review/Approved/Published
날짜 date 발행일
태그 multi_select 키워드
URL url 원문 URL
카테고리 select 취약점/연구/트렌드

Jekyll 블로그 구조

blog/
├── _posts/
│   ├── 2025-03-09-cve-2025-xxxx-analysis.md
│   ├── 2025-03-09-ai-security-trends.md
│   └── ...
├── _layouts/
│   ├── post.html
│   └── default.html
├── _config.yml
└── .github/
    └── workflows/
        └── jekyll.yml

트러블슈팅

GLM API Rate Limit

❌ Error: Rate limit reached (429)

해결:

  • 자동 재시도 3회
  • 60초 대기 후 재시도

Notion API Error

❌ Error: Notion API error

해결:

  • API 키 확인
  • Database ID 확인
  • Integration 권한 확인

Git Push 실패

❌ Error: Git push failed

해결:

  • GitHub Token 확인
  • 원격 저장소 권한 확인
  • 브랜치 확인

파일 구조

intelligence-agent/
├── SKILL.md (이 파일)
├── scripts/
│   ├── intelligence_pipeline.py (메인 파이프라인)
│   ├── collector.py (뉴스 수집)
│   ├── selector.py (AI 기사 선별)
│   ├── writer.py (블로그 글 작성)
│   ├── notion_publisher.py (Notion 발행)
│   ├── git_publisher_service.py (Git 발행)
│   ├── llm_client.py (GLM API 클라이언트)
│   ├── llm_client_async.py (비동기 GLM 클라이언트)
│   ├── prompt_manager.py (프롬프트 관리)
│   ├── prompts.yaml (프롬프트 템플릿)
│   ├── models.py (데이터 모델)
│   ├── utils.py (유틸리티)
│   ├── config.py (설정)
│   └── requirements.txt (의존성)
└── references/
    ├── architecture.md (상세 아키텍처)
    ├── prompts_guide.md (프롬프트 가이드)
    └── api_reference.md (API 레퍼런스)

환경 변수

필수

GLM_API_KEY          # GLM-4.7 API 키
NOTION_API_KEY       # Notion API 키
NOTION_DATABASE_ID   # Notion 데이터베이스 ID

선택사항

GITHUB_TOKEN         # GitHub 개인 액세스 토큰
GITHUB_BLOG_REPO     # GitHub 블로그 저장소 (username/repo)
BLOG_LOCAL_PATH      # 로컬 블로그 경로

테스트

전체 파이프라인 테스트

python3 test_full_pipeline.py

Mermaid 다이어그램 테스트

python3 test_mermaid_fix.py

참고자료

리소스

scripts/

원본 저장소의 모든 Python 스크립트 포함:

  • intelligence_pipeline.py - 전체 파이프라인 실행
  • collector.py - 뉴스 수집기
  • selector.py - AI 기사 선별
  • writer.py - 블로그 글 작성
  • notion_publisher.py - Notion 발행
  • git_publisher_service.py - Git 발행
  • llm_client.py - GLM API 클라이언트
  • prompts.yaml - 프롬프트 템플릿

references/

  • architecture.md - 상세 아키텍처 설명
  • prompts_guide.md - 프롬프트 작성 가이드
  • api_reference.md - API 레퍼런스
安全使用建议
Key things to consider before installing or running this skill: - It is not truly 'instruction-only': many Python scripts are bundled and will create files, start persistent monitoring, and run subprocesses (npx, git). Review the code locally before running. - Registry metadata lists no required env vars, but the SKILL.md/code need multiple secrets (GLM/Notion/GitHub). Confirm which exact environment variable names the code reads (note: code uses INTELLIGENCE_* names in config and also GLM_API_KEY/NOTION_API_KEY in other files). Set these in a dedicated sandboxed environment, not your primary account environment. - The scripts load a .env from a PROJECT_ROOT (defaults to /Users/nabang/Documents/OpenClaw). Make sure it will not accidentally load a .env containing unrelated secrets from your machine. - The Notion publisher runs subprocess npx @mermaid-js/mermaid-cli to build diagrams — that executes external npm code. Ensure you trust the dependency and have Node/npm installed in a safe environment. - The git publisher will clone, write, commit, and push to a repo using a GITHUB_TOKEN. Use a least-privilege token scoped to only the target repo (no org-wide or full repo scopes if avoidable) and consider using a dedicated service account. - If you plan to enable automated background operation (cron/launchd), run it in an isolated VM/container with separate keys, and monitor logs and network activity. - Because of inconsistent env var names and hardcoded default paths, test the pipeline manually in a controlled environment first (run scripts interactively) and search the repo for any absolute paths or unexpected network endpoints before allowing scheduled/autonomous runs. If you want, I can list the exact env variable names the code reads and the files that write to disk or run subprocesses so you can perform a focused review.
功能分析
Type: OpenClaw Skill Name: auto-sec-blogger-repo Version: 1.0.1 The skill bundle is a comprehensive automation tool for maintaining a security blog. It collects news from RSS feeds (Google News, arXiv, HackerNews), uses the GLM-4.7 LLM to generate professional blog posts, and automates publishing to Notion and GitHub Pages. The code follows a logical and transparent workflow, utilizing standard APIs and subprocess calls (git, npx) with safe practices like list-based arguments to prevent shell injection. While it requires high-privilege credentials (GitHub tokens, Notion keys) and performs file system operations, these actions are strictly aligned with its stated purpose. No evidence of data exfiltration, obfuscation, or intentional backdoors was found across the scripts (e.g., intelligence_pipeline.py, notion_publisher.py, publisher_git.py).
能力评估
Purpose & Capability
The repository code implements the advertised pipeline (collectors, LLM writer, Notion publisher, Git publisher). However the registry metadata declares no required environment variables or binaries while the SKILL.md and code require multiple API keys and external tools (GLM API keys / Notion tokens / GitHub token, Node (npx) for mermaid CLI, git). That mismatch (no required envs listed vs. many actually needed) is inconsistent and likely to confuse users.
Instruction Scope
Runtime instructions and code perform broad side effects: reading a .env file from a PROJECT_ROOT, creating directories and files (logs, data, blog repo), running subprocesses (npx mermaid-cli), cloning and writing to a local blog repo, committing & pushing to GitHub, and running a launchd-style background service. The SKILL.md and scripts also refer to absolute user paths (e.g., /Users/nabang/Documents/OpenClaw) and will load environment variables from that project .env. These actions go beyond 'just generating text' and can modify a user's filesystem and network (Git/Notion/GLM), so they should be flagged for explicit user review before running.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but SKILL.md instructs pip installing requirements.txt. The code will call external binaries at runtime (npx via subprocess, git) — these are not declared in the registry metadata. Lack of an install script means arbitrary code files will be present and executed only when user runs scripts; this reduces some risk but the presence of subprocess calls to external toolchains (npm/npx) is important to notice.
Credentials
Registry lists no required env vars, but SKILL.md and the code expect multiple secrets (GLM_API_KEY / GLM_BASE_URL, NOTION_API_KEY, NOTION_DATABASE_ID, GITHUB_TOKEN, and also differently-named vars in config like INTELLIGENCE_LLM_API_KEY, INTELLIGENCE_NOTION_TOKEN, INTELLIGENCE_BLOG_DATABASE_ID). The code loads a .env from PROJECT_ROOT and uses getenv for many INTELLIGENCE_* names — this mismatch can cause accidental reading of unrelated .env files and unexpected secrets. Asking for Git and Notion tokens is reasonable for the stated purpose, but the inconsistent variable names and .env loading behavior are disproportionate and confusing.
Persistence & Privilege
always:false (good), but the code includes a git_publisher_service script intended to run as a background service (launchd), and writes logs to absolute paths under /Users/nabang/Documents/OpenClaw. If a user enables that service (or follows instructions to schedule via cron/launchd), the skill will run periodically with access to filesystem, tokens, and network. It does not modify other skills' configs, but the potential for persistent background execution combined with filesystem/credential access raises operational risk and requires explicit caution.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install auto-sec-blogger-repo
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /auto-sec-blogger-repo 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
auto-sec-blogger-repo 1.0.1 - Added a comprehensive README.md for user onboarding and documentation. - No changes to functionality; documentation update only.
v1.0.0
Initial release of auto-sec-blogger, an automated security news blogging system. - Collects news from Google News, arXiv, and HackerNews, removes duplicates, and selects articles. - Generates professional security blog posts using GLM-4.7, including headlines, summaries, analysis, conclusions, keywords, and Mermaid diagrams. - Publishes drafts to Notion with a Human-in-the-Loop review and approval workflow. - Automatically deploys approved posts to GitHub Pages via GitHub Actions. - Provides detailed installation, configuration, troubleshooting, and testing instructions.
元数据
Slug auto-sec-blogger-repo
版本 1.0.1
许可证 MIT-0
累计安装 1
当前安装数 1
历史版本数 2
常见问题

Auto Sec Blogger Repo 是什么?

Collects security news from multiple sources, generates expert-level blog posts with GLM-4.7, publishes drafts to Notion, and auto-deploys approved posts to... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 295 次。

如何安装 Auto Sec Blogger Repo?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install auto-sec-blogger-repo」即可一键安装,无需额外配置。

Auto Sec Blogger Repo 是免费的吗?

是的,Auto Sec Blogger Repo 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Auto Sec Blogger Repo 支持哪些平台?

Auto Sec Blogger Repo 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Auto Sec Blogger Repo?

由 rebugui(@rebugui)开发并维护,当前版本 v1.0.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 留言讨论