← 返回 Skills 市场
2979
总下载
1
收藏
14
当前安装
2
版本数
在 OpenClaw 中安装
/install hn-digest
功能描述
Fetch and send Hacker News front-page posts on demand. Use when the user asks for HN, says 'hn', 'pull HN', 'hn 10', or specifies a topic like 'hn health', 'hn hacking', or 'hn tech'. Sends N (default 5) posts as individual messages with Title + Link. Exclude crypto.
使用说明 (SKILL.md)
HN Digest
Command format
Interpret a user message that starts with hn as a request for a Hacker News front-page digest.
Supported forms:
hn→ default 5 postshn \x3Cn>→ n postshn \x3Ctopic>→ filter/boost by topichn \x3Cn> \x3Ctopic>→ both- If the user asks for “more” after already seeing some (e.g. “show me top 10–15 since we already did top 10”), treat it as an offset request and use
--offset(e.g. offset 10, count 10).
Topics:
tech(default)healthhackinglife/lifehacks
Output requirements
- Do not send any extra commentary/preamble/epilogue.
- Send results as individual messages.
- Each post message must be exactly:
- first line: the post title
- second line:
\x3Cage> · \x3CcommentCount> comments(age like45m ago,6h ago,3d ago) - third line: the Hacker News comments link (
https://news.ycombinator.com/item?id=...)
- After the post messages, send one final message that is the generated image.
- If the chat provider requires non-empty text for media, use a minimal caption
..
- If the chat provider requires non-empty text for media, use a minimal caption
- Hard exclude crypto.
Procedure
- Parse
nandtopicfrom the user message. - Fetch + rank items:
- Run
node skills/hn-digest/scripts/hn.mjs --count \x3Cn> --offset \x3Coffset> --topic \x3Ctopic> --format json. - Default
offsetis 0 unless the user explicitly asks for “more/next” after a previous batch.
- Run
- Send results as N individual messages in the required 3-line format.
- Then generate a delightful mood image via Nano Banana, inspired by the posts you just sent:
- Use
skills/hn-digest/scripts/mood_prompt.mjsto build a prompt from the JSON items. - Add 3–4 subtle Easter eggs derived from the post themes (no text/logos; keep it fun).
- Generate and attach the image by running:
skills/hn-digest/scripts/generate_mood_nano_banana.sh ./tmp/hn-mood/hn-mood.png \x3Ctopic> \x3Cn> \x3Coffset>
- Send the generated image as one additional message.
- Use
If fetching/ranking fails or returns 0 items:
- Use
https://news.ycombinator.com/in the browser tool, pick N non-crypto items by judgment, and send them in the same 3-line format. - Still generate a mood image (general “HN tech deep dives” vibe) with a banana Easter egg.
安全使用建议
Before installing or enabling this skill, consider the following: (1) The SKILL.md and registry metadata do NOT declare that an image-generation key is required, but the scripts will look for GEMINI_API_KEY (and fall back to reading ~/.openclaw/openclaw.json for nano-banana-pro.apiKey). Decide whether you are comfortable exposing that key or allowing the skill to read your OpenClaw config. (2) The skill will create a local Python virtualenv and pip-install google-genai and pillow — review those packages and be prepared for code to run on your machine. (3) There is an extra image routine (mood_image.py) that would use OPENAI_API_KEY; confirm whether that is intended or dead/leftover code. (4) If you want to proceed, ask the author to: a) explicitly document required env vars and config access in SKILL.md, b) avoid reading ~/.openclaw/openclaw.json (require an explicit env var instead), or c) remove unused credential-using files. If unsure, run the skill in a sandboxed environment or inspect/execute the scripts locally with empty or test credentials first.
功能分析
Type: OpenClaw Skill
Name: hn-digest
Version: 1.0.1
The skill is classified as suspicious due to the `nano_banana_mood.py` script attempting to load an API key from `~/.openclaw/openclaw.json`. While this is plausibly for its own legitimate use (loading the 'nano-banana-pro' API key), it demonstrates the capability to access sensitive configuration files from the user's home directory, which is a high-risk permission. Other potential prompt injection vectors identified in `SKILL.md` are mitigated by robust argument validation in `hn.mjs` and careful prompt construction in `mood_prompt.mjs`.
能力评估
Purpose & Capability
The skill claims no required credentials or config, but its included code expects a Gemini API key (GEMINI_API_KEY) and also contains an alternate image routine that would use OPENAI_API_KEY. The skill's purpose (HN digest + mood image) can justify needing an image-generation key, but the SKILL.md/registry metadata do not declare any required env vars or explain where keys must come from.
Instruction Scope
SKILL.md tells the agent to run bundled node and shell scripts which: call the HN Algolia API (expected), create a local Python venv and pip-install packages, and run a Python image generator. One image generator (nano_banana_mood.py) will attempt to read ~/.openclaw/openclaw.json to extract a nano-banana-pro apiKey. Reading another skill/agent config file is out-of-scope for a simple HN digest and is not declared in the instructions.
Install Mechanism
No centralized install spec, but the runtime shell script creates ./tmp/hn-venv and pip-installs google-genai and pillow from PyPI. This is traceable (PyPI) and not an arbitrary HTTP download, but it will write files to disk and execute third-party packages — moderate risk and should be disclosed.
Credentials
The code checks for GEMINI_API_KEY (env) and, if absent, reads ~/.openclaw/openclaw.json to find nano-banana-pro.apiKey. That means the skill can access stored agent/skill config and potentially other skills' API keys. The repository also contains mood_image.py which would use OPENAI_API_KEY (not referenced by the main generate script) — the presence of multiple credential paths with no declaration is disproportionate and surprising.
Persistence & Privilege
The skill is not force-included (always: false) and does not request to modify other skills. However, it does read ~/.openclaw/openclaw.json, which leaks a higher-privilege config surface to the skill at runtime — this is a privilege elevation of read-access to agent config and should be considered when enabling the skill.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install hn-digest - 安装完成后,直接呼叫该 Skill 的名称或使用
/hn-digest触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
hn-digest 1.0.1
- No functional or documentation changes; the version was updated without modifications to files or content.
v1.0.0
Fetch and send top Hacker News front-page posts on demand with topic filtering and delightful mood images.
- Responds to user requests like "hn", "hn 10", or "hn health" with N (default 5) front-page posts (excluding crypto), each as an individual 3-line message.
- Supports topic filters: tech (default), health, hacking, life/lifehacks.
- Handles "more" requests using offset to continue from previous results.
- After sending posts, generates and sends a mood image inspired by the topics, with playful Easter eggs.
- Falls back to manual fetching and a default mood image if automated fetching fails.
元数据
常见问题
HN Digest 是什么?
Fetch and send Hacker News front-page posts on demand. Use when the user asks for HN, says 'hn', 'pull HN', 'hn 10', or specifies a topic like 'hn health', 'hn hacking', or 'hn tech'. Sends N (default 5) posts as individual messages with Title + Link. Exclude crypto. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2979 次。
如何安装 HN Digest?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install hn-digest」即可一键安装,无需额外配置。
HN Digest 是免费的吗?
是的,HN Digest 完全免费(开源免费),可自由下载、安装和使用。
HN Digest 支持哪些平台?
HN Digest 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 HN Digest?
由 cpojer(@cpojer)开发并维护,当前版本 v1.0.1。
推荐 Skills