← 返回 Skills 市场
1154
总下载
1
收藏
4
当前安装
1
版本数
在 OpenClaw 中安装
/install clawfeed-2
功能描述
AI-powered tool generating structured news summaries from Twitter and RSS feeds with digest options for 4H, daily, weekly, and monthly intervals.
使用说明 (SKILL.md)
ClawFeed
AI-powered news digest tool. Automatically generates structured summaries (4H/daily/weekly/monthly) from Twitter and RSS feeds.
Credentials & Dependencies
ClawFeed runs in read-only mode with zero credentials — browse digests, view feeds, switch languages. Authentication features (bookmarks, sources, packs) require additional credentials.
| Credential | Purpose | Required |
|---|---|---|
GOOGLE_CLIENT_ID |
Google OAuth login | For auth features |
GOOGLE_CLIENT_SECRET |
Google OAuth login | For auth features |
SESSION_SECRET |
Session cookie encryption | For auth features |
API_KEY |
Digest creation endpoint protection | For write API |
Runtime dependency: SQLite via better-sqlite3 (native addon, bundled). No external database server required.
Setup
# Install dependencies
npm install
# Copy environment config
cp .env.example .env
# Edit .env with your settings
# Start API server
npm start
Environment Variables
Configure in .env file:
| Variable | Description | Required | Default |
|---|---|---|---|
DIGEST_PORT |
Server port | No | 8767 |
GOOGLE_CLIENT_ID |
Google OAuth client ID | For auth | - |
GOOGLE_CLIENT_SECRET |
Google OAuth client secret | For auth | - |
SESSION_SECRET |
Session cookie encryption key | For auth | - |
API_KEY |
Digest creation API key | For write API | - |
AI_DIGEST_DB |
SQLite database path | No | data/digest.db |
ALLOWED_ORIGINS |
CORS allowed origins | No | localhost |
API Server
Runs on port 8767 by default. Set DIGEST_PORT env to change.
Endpoints
| Method | Path | Description | Auth |
|---|---|---|---|
| GET | /api/digests | List digests (?type=4h|daily|weekly&limit=20&offset=0) | - |
| GET | /api/digests/:id | Get single digest | - |
| POST | /api/digests | Create digest (internal) | - |
| GET | /api/auth/google | Start Google OAuth flow | - |
| GET | /api/auth/callback | OAuth callback endpoint | - |
| GET | /api/auth/me | Get current user info | Yes |
| POST | /api/auth/logout | Logout user | Yes |
| GET | /api/marks | List user bookmarks | Yes |
| POST | /api/marks | Add bookmark | Yes |
| DELETE | /api/marks/:id | Remove bookmark | Yes |
| GET | /api/config | Get configuration | - |
| PUT | /api/config | Update configuration | - |
Web Dashboard
Serve web/index.html via your reverse proxy or any static file server.
Templates
templates/curation-rules.md— Customize feed curation rulestemplates/digest-prompt.md— Customize the AI summarization prompt
Configuration
Copy config.example.json to config.json and edit. See README for details.
Reverse Proxy (Caddy example)
handle /digest/api/* {
uri strip_prefix /digest/api
reverse_proxy localhost:8767
}
handle_path /digest/* {
root * /path/to/clawfeed/web
file_server
}
安全使用建议
This is an instruction-only Node.js project and not a packaged binary — before installing or running it: (1) inspect the project's package.json and package-lock (or yarn.lock) to see exact dependency names and versions; (2) verify how Twitter feeds are obtained (look for twitter API client usage or scraping code) — if you rely on Twitter API you should expect additional credentials; (3) run npm install and the service inside an isolated environment (container or VM) because npm packages (especially native addons like better-sqlite3) run code during install; (4) if you enable auth/write features, set a strong SESSION_SECRET and API_KEY and restrict ALLOWED_ORIGINS; (5) review templates and curation rules to ensure no accidental data exfiltration; and (6) avoid running this on sensitive hosts until you’ve audited dependencies and the source code. If you can obtain the full repository (package.json + code) and a list of dependency versions, re-run this evaluation — that would raise confidence.
功能分析
Type: OpenClaw Skill
Name: clawfeed-2
Version: 0.1.0
The `SKILL.md` file describes a news digest tool that instructs the OpenClaw agent to execute `npm install`, which carries an inherent supply chain risk as the `package.json` is not provided. The skill also exposes a `PUT /api/config` endpoint, allowing configuration updates which could be abused if not properly secured. Additionally, the skill explicitly mentions `templates/digest-prompt.md` for customizing the AI summarization prompt, indicating a potential prompt injection vulnerability against the skill's internal AI if the OpenClaw agent is instructed to modify this file based on untrusted input. These elements represent risky capabilities and vulnerabilities rather than clear malicious intent.
能力评估
Purpose & Capability
The name/description (Twitter + RSS digest) align with the files and endpoints described in SKILL.md (digest endpoints, templates, curation rules). However SKILL.md does not document how Twitter feeds are ingested (no Twitter API keys, no scraping approach described), which is an unexplained gap for the advertised capability.
Instruction Scope
Runtime instructions are limited to standard Node project steps (npm install, copy .env, npm start) and references to local config/templates and an SQLite DB path. The instructions do not ask the agent to access unrelated system files or credentials beyond the project, but they do require editing .env and config files inside the project.
Install Mechanism
This is an instruction-only skill that tells you to run `npm install` — which will fetch and run arbitrary packages from the npm registry. The README specifically lists a native addon dependency (better-sqlite3), which may compile native code during install. Because there is no packaged code in the skill bundle and no explicit package.json to inspect here, running install pulls unreviewed third-party code and native build steps — a moderate risk.
Credentials
The registry lists no required env vars or credentials, while SKILL.md documents optional env vars (GOOGLE_CLIENT_ID/SECRET, SESSION_SECRET, API_KEY) for auth/write features. Those variables are plausible and proportional. The only minor inconsistency: the description claims 'zero credentials' for read-only mode but the doc then lists several optional secrets for extended features — this is reasonable but should be noted.
Persistence & Privilege
The skill does not request always:true or system-wide privileges. It runs a local API server and writes a local SQLite DB (`data/digest.db`) — expected for this app. It does not declare modifications to other skills or global agent settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install clawfeed-2 - 安装完成后,直接呼叫该 Skill 的名称或使用
/clawfeed-2触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
- Initial release of ClawFeed, an AI-powered news digest tool for Twitter and RSS feeds
- Supports automatic structured summaries (4H/daily/weekly/monthly)
- Read-only mode available without credentials (browse digests, switch languages)
- Optional Google OAuth authentication for bookmarks and feed management
- Simple API with endpoints for digests, authentication, bookmarks, and configuration
- No external database required—uses bundled SQLite
- Dashboard included; serve web UI via static file server or reverse proxy
元数据
常见问题
Clawfeed 是什么?
AI-powered tool generating structured news summaries from Twitter and RSS feeds with digest options for 4H, daily, weekly, and monthly intervals. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1154 次。
如何安装 Clawfeed?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install clawfeed-2」即可一键安装,无需额外配置。
Clawfeed 是免费的吗?
是的,Clawfeed 完全免费(开源免费),可自由下载、安装和使用。
Clawfeed 支持哪些平台?
Clawfeed 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Clawfeed?
由 94W666(@94w666)开发并维护,当前版本 v0.1.0。
推荐 Skills