← 返回 Skills 市场
754
总下载
0
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install hfnews
功能描述
Fetch and filter IT and Cybersecurity news from multiple sources, excluding politics, sports, and other unwanted topics based on a configurable blacklist.
使用说明 (SKILL.md)
News Fetcher
Usage
# All categories
news
# Specific category
news Allgemeines
news IT
news Cybersecurity
Output Format
Simple list:
Allgemeines:
- Titel URL
- Titel URL
- Titel URL
- Titel URL
- Titel URL
IT:
- Titel URL
- Titel URL
- Titel URL
- Titel URL
- Titel URL
Cybersecurity:
- Titel URL
- Titel URL
- Titel URL
- Titel URL
- Titel URL
Blacklist
Words to filter out:
- Sport, Trump/USA, SPD, Iran, Bürgergeld, Mietreform, Mieterschutz
- Regenpause, Ukraine, Putin, Epstein
- Bilder des Tages, Karrierefrage
- Stellenmarkt, Jobs
Categories
Allgemeines
- Tagesschau: https://www.tagesschau.de/
- FAZ: https://www.faz.net/aktuell/
- WiWo: https://www.wiwo.de/
- Süddeutsche: https://www.sueddeutsche.de/
- Spiegel: https://www.spiegel.de/
- Mittelbayerische: https://www.mittelbayerische.de/lokales/stadt-regensburg
IT
- Heise: https://www.heise.de/
- Golem: https://www.golem.de/
- Slashdot: https://slashdot.org/
Cybersecurity
- The Hacker News: https://thehackernews.com/
- BleepingComputer: https://www.bleepingcomputer.com/
- Logbuch Netzpolitik: https://logbuch-netzpolitik.de/
安全使用建议
This package contains runnable code but is inconsistent with its metadata and README. Things to consider before installing or running it:
- Dependencies: fetcher.js requires Node and the 'puppeteer' package plus a Chromium binary at /usr/bin/chromium; scripts/news.py requires Python 3. The skill metadata declares no required binaries — verify you are prepared to install these and that you trust the author.
- Installation ambiguity: there is no install or run instruction. You will likely need to run 'npm install' (which downloads many packages) and provide a Chromium binary or let puppeteer download one. Running headless Chromium with '--no-sandbox' can be risky in untrusted environments; run in an isolated container or VM.
- Malformed feeds: the Python RSS script contains several malformed/odd feed URLs (e.g., '.../list/panorama feed', '.../layer/feed mp3') — this looks like sloppy packaging and could indicate the code wasn't tested.
- Network behaviour: both scripts fetch many external news sites (expected) — if you need to limit network exposure, run offline or in a sandbox.
- Clarify expected command: SKILL.md shows a 'news' command but does not map it to fetcher.js or scripts/news.py. Ask the author which script to run and for an installation guide, or inspect/modify the code locally before executing.
Recommendation: treat this as untrusted code until the author provides proper install/run instructions and fixes the feed URLs. If you must test it, execute in an isolated environment (container or VM), review package-lock and the code, and avoid running with elevated privileges.
功能分析
Type: OpenClaw Skill
Name: hfnews
Version: 1.0.0
The `fetcher.js` script uses Puppeteer to launch a Chromium browser with the `--no-sandbox` and `--disable-setuid-sandbox` flags. This disables critical security isolation, making the host system vulnerable to potential remote code execution if a vulnerability exists in Chromium or if any of the hardcoded news sources were to serve malicious content. While the URLs are hardcoded and there's no explicit evidence of intentional malicious behavior like data exfiltration or persistence, this configuration represents a severe security vulnerability.
能力评估
Purpose & Capability
The skill claims a simple news fetcher and lists no required binaries or env vars, but the bundle contains Node code (puppeteer) that expects a Chromium binary at /usr/bin/chromium and a Python RSS script — the registry metadata does not declare Node, Chromium, or Python as requirements. A legitimate news fetcher would either be instruction-only (call a known CLI) or declare these dependencies; the omission is incoherent.
Instruction Scope
SKILL.md shows a single 'news' command and example categories but does not tell which file to run or how to install dependencies. The included fetcher.js performs full headless-browser scraping (expected for some scrapers) and the Python script fetches RSS feeds. Neither the SKILL.md nor the metadata instructs the agent to install node modules, provide a Chromium binary, or which script is the canonical runtime — this ambiguity grants the agent broad discretion and could lead to unexpected actions.
Install Mechanism
There is no install spec despite package.json/package-lock and a heavy puppeteer dependency. Puppeteer typically requires downloading/using a browser binary (or a system Chromium); fetcher.js hardcodes '/usr/bin/chromium' and uses --no-sandbox flags. The lack of an explicit, safe install procedure and the large transitive dependency tree in package-lock increases operational risk (unexpected heavy installs, privileged flags).
Credentials
The skill requests no environment variables, credentials, or config paths. The code does not try to read secrets or external tokens. Network access is used only to fetch news sources listed in SKILL.md, which is consistent with the stated purpose.
Persistence & Privilege
Registry flags are default (always:false, agent invocation allowed). The skill does not request elevated persistent presence or modify other skills/configs. No 'always: true' or other high-privilege behavior is present.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install hfnews - 安装完成后,直接呼叫该 Skill 的名称或使用
/hfnews触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Hubert's news skill with stopwords filter for IT/Cybersecurity
元数据
常见问题
hfnews 是什么?
Fetch and filter IT and Cybersecurity news from multiple sources, excluding politics, sports, and other unwanted topics based on a configurable blacklist. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 754 次。
如何安装 hfnews?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install hfnews」即可一键安装,无需额外配置。
hfnews 是免费的吗?
是的,hfnews 完全免费(开源免费),可自由下载、安装和使用。
hfnews 支持哪些平台?
hfnews 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 hfnews?
由 huberteff(@huberteff)开发并维护,当前版本 v1.0.0。
推荐 Skills