← 返回 Skills 市场
Content Watcher
作者
su707181393-del
· GitHub ↗
· v1.0.0
1364
总下载
1
收藏
10
当前安装
1
版本数
在 OpenClaw 中安装
/install content-watcher
功能描述
Monitor RSS feeds, blogs, and news sources with AI-powered summarization and generate daily digests in Markdown or console output.
使用说明 (SKILL.md)
Content Watcher
Monitor any RSS feeds, blogs, or news sources and get AI-powered daily digests.
Quick Start
# Install dependencies
npm install
# Add your first source
content-watcher add https://techcrunch.com/feed/ --name "TechCrunch"
# Run once to test
content-watcher run
# Save digest to file
content-watcher run --output digest.md
Commands
| Command | Description |
|---|---|
add \x3Curl> |
Add a source to monitor |
remove \x3Cid> |
Remove a source |
list |
List all sources |
run |
Generate digest now |
config |
Show configuration |
Features
- ✅ RSS/Atom feed parsing
- ✅ Web content extraction
- ✅ AI text summarization (local, no API key)
- ✅ Markdown digest generation
- ✅ Multi-source aggregation
- ✅ Duplicate detection
- ✅ Configurable via CLI
Configuration
Config stored at ~/.config/content-watcher/config.json:
{
"sources": [...],
"delivery": "console",
"summaryStyle": "bullet",
"maxItemsPerSource": 5
}
Use Cases
- Competitive Intelligence - Monitor competitor blogs/news
- Industry Trends - Track tech/finance/marketing trends
- Research Assistant - Aggregate academic/sources
- Content Curation - Create newsletters automatically
Integration
Works great with:
- Feishu webhook (auto-post digest)
- Email delivery (send digest)
- Cron scheduling (daily runs)
安全使用建议
This package appears to be what it says: a local CLI that fetches RSS/URLs you add and produces local summaries. Before installing, consider: (1) review the package source or install in a sandbox if you are uncomfortable running code from an unknown author; (2) be cautious about adding internal or sensitive URLs as monitored sources (the tool will fetch any URL you configure, which could expose internal endpoints to local network requests); (3) if you later enable webhook/email integrations, inspect what credentials are requested and where digests are sent; (4) verify the npm package identity on the registry (owner/publish history) if provenance matters.
功能分析
Type: OpenClaw Skill
Name: content-watcher
Version: 1.0.0
The skill is classified as suspicious primarily due to a potential arbitrary file write vulnerability. The `bin/content-watcher.js` script's `run` command allows users to specify an output file path via `--output <file>`, which could be susceptible to path traversal (e.g., `../../../evil.sh`) if the input is not sanitized, potentially allowing an attacker to write files to arbitrary locations on the system. While the skill's core functionality involves legitimate network requests to user-provided URLs for content fetching (in `lib/rss.js` and `lib/fetch.js`), and summarization is performed locally (in `lib/summarize.js`), this file write vulnerability elevates it beyond benign. There is no clear evidence of intentional malicious behavior such as data exfiltration, persistence mechanisms, or prompt injection attempts against the OpenClaw agent.
能力评估
Purpose & Capability
Name/description (RSS monitoring + summarization) align with required binaries (node, npm), the npm install spec, and the provided CLI code. The code implements RSS parsing, HTTP fetch/extract, local summarization, and markdown digest generation. Minor mismatch: SKILL.md/README mention integrations (Feishu, Email delivery) but the included code does not implement remote delivery or require credentials for those services.
Instruction Scope
SKILL.md instructions are limited to installing the package, adding sources, running the CLI, and saving output. Runtime code reads/writes a single user-scoped config at ~/.config/content-watcher/config.json, fetches URLs provided by the user, and writes digest output locally or to a file. There are no instructions to read unrelated system files or to transmit data to external endpoints other than fetching the user-specified feeds/URLs.
Install Mechanism
Install uses a normal npm package (content-watcher) and provides a CLI binary; package.json and package-lock.json list common, well-known dependencies (axios, cheerio, rss-parser, etc.). No downloads from custom URLs, no extracted archives from arbitrary hosts.
Credentials
The skill declares no required environment variables or credentials and the code does not expect secrets. This matches the implementation. Note: the README/SKILL.md reference possible webhook/email delivery but no code requires tokens; if future versions add those features they will likely request credentials—review those changes before granting secrets.
Persistence & Privilege
The skill stores its own config under the user's home directory (~/.config/content-watcher/config.json) and persists seen URLs — this is expected for a monitoring CLI. always is false and the skill does not modify other skills or global agent settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install content-watcher - 安装完成后,直接呼叫该 Skill 的名称或使用
/content-watcher触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: RSS monitoring with AI summarization and daily digest generation
元数据
常见问题
Content Watcher 是什么?
Monitor RSS feeds, blogs, and news sources with AI-powered summarization and generate daily digests in Markdown or console output. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1364 次。
如何安装 Content Watcher?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install content-watcher」即可一键安装,无需额外配置。
Content Watcher 是免费的吗?
是的,Content Watcher 完全免费(开源免费),可自由下载、安装和使用。
Content Watcher 支持哪些平台?
Content Watcher 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Content Watcher?
由 su707181393-del(@su707181393-del)开发并维护,当前版本 v1.0.0。
推荐 Skills