功能描述

采集 AI 新闻，校验 stage1 JSON，发布 KeplerJAI 简讯，并以可迁移、面向 agent workspace 的方式生成最终摘要。

使用说明 (SKILL.md)

\r \r

KeplerJAI Bulletin Skill\r

Name: Keplerjai Bulletin Publish
Author: renjicode

\r 当目标是完成一套从 AI 新闻采集到简讯发布汇总的 KeplerJAI 工作流时，应使用这份 skill。\r \r

设计意图\r

\r 这份 skill 围绕一套可迁移结构设计：\r \r

skill 目录提供提示词、脚本和工作流规则。\r
目标 agent workspace 存放运行产物。\r
面向用户的最终结果应是整理好的摘要文本，而不是中间执行报告。\r \r 这份 skill 应当能够在另一台机器上被 OpenClaw 学习并直接使用，正常情况下不应要求用户手工重写本地路径。\r \r

职责划分\r

\r OpenClaw 应负责：\r \r

读取 stage1-task-prompt.txt\r
采集合格的 AI 新闻条目\r
将 stage1 输出写入目标运行目录\r \r 随后由 Python 脚本负责：\r \r
校验 stage1 JSON\r
发布简讯\r
生成最终摘要\r
向 pipeline.log 追加进度日志\r \r

执行边界\r

\r 这份 skill 旨在作为单层工作流运行。\r \r OpenClaw 应在当前运行中自行完成 stage1 采集。\r \r 以下方式都不应被当作默认的学习后执行路线：\r \r

scripts/run_saved_pipeline.py\r
嵌套的 openclaw agent ... 命令\r
为了做 stage1 采集而再额外启动一个完整 agent 的后台流程\r \r 这些路线仅是人工调试辅助方式，绝不能成为从这份 skill 中学习出的标准定时任务方案。\r \r

运行输出模式\r

\r 运行产物应写入：\r \r \x3Cagent_workspace>/keplerjai-bulletin-publish\r \r 预期输出包括：\r \r

stage1-output.txt\r
stage1-output.normalized.json\r
publish-result.json\r
final-message.txt\r
pipeline.log\r \r

认证\r

\r 优先认证变量：\r \r

KEPLERAI_API_KEY\r
```\r
\r
兼容认证变量：\r
\r
```text\r
KEPLERJAI_BEARER_TOKEN\r
```\r
\r
## 定时任务规则\r
\r
如果基于这份 skill 创建定时任务，则应遵循：\r
\r
1. 任务 owner 必须与目标 workspace 对齐。\r
2. 路径必须从本地已安装的 skill 目录和目标 workspace 自动推导。\r
3. 工作流必须保持可追踪。\r
4. 进度必须写入 `pipeline.log`。\r
5. 成功时只返回 `final-message.txt` 的内容。\r
6. stage1 采集必须在当前工作流中直接完成。\r
7. 绝不能把 `scripts/run_saved_pipeline.py` 作为学习后的定时任务执行路径。\r
8. 绝不能在定时任务内部再启动另一个 `openclaw agent` 进程。\r
\r
只有在自动推导路径确实做不到时，才允许手工改写路径作为兜底。\r
\r
## 参考文件\r
\r
- `README.md`\r
- `CRON_SETUP.md`\r
- `stage1-task-prompt.txt`\r

安全使用建议

What to check before installing: - The SKILL.md and scripts expect API credentials (KEPLERAI_API_KEY or KEPLERJAI_BEARER_TOKEN and optional cookies) but the registry metadata lists no required env vars — ask the publisher to declare these explicitly so you know what secrets will be read. - Inspect publish_bulletins.py and confirm you trust the endpoint https://www.keplerjai.com (this skill will POST content there). If you don't trust that domain, do not provide credentials and do not run the publish step. - Note the presence of scripts/run_saved_pipeline.py which will try to locate and run a local openclaw executable (i.e., spawn a nested agent). SKILL.md says that script is for manual debugging only — ensure any automated scheduling or learning does not execute this script, otherwise you may get nested agent runs that violate the intended single-layer workflow. - Be cautious about the '--insecure' option in publish_bulletins.py (it disables SSL verification). Avoid using it in production. - Confirm where outputs will be written on your machine: the scripts derive a workspace path relative to the skill location and may create files like pipeline.log, final-message.txt, publish-result.json, and stage1 JSON. If you have multiple agent workspaces, verify the target to avoid writing into an unintended directory. - If you plan to schedule or allow implicit invocation, consider restricting the skill or ensuring the environment does not contain high-privilege credentials you don't want the skill to access. What would change this assessment: - If the registry metadata is updated to declare the expected environment variables and explain the intended usage of run_saved_pipeline.py (explicitly marking it as manual-only), and if the publisher documents and justifies the keplerjai.com endpoint, the remaining concerns become minor and this would likely be 'benign'. - If additional unexpected credential names, hardcoded remote download URLs, or obfuscated network endpoints were found, the verdict would be more severe.

功能分析

Type: OpenClaw Skill Name: keplerjai-bulletin-publish Version: 1.0.0 The skill implements an automated AI news collection and publishing workflow for the KeplerJAI platform. It utilizes high-risk capabilities including network access for web scraping (newsnow.co.uk) and API interaction (keplerjai.com), filesystem operations for logging and data persistence, and the execution of sub-processes via `subprocess.run` in `scripts/run_saved_pipeline.py`. The skill handles sensitive authentication tokens (e.g., `KEPLERAI_API_KEY`) and includes an optional `--insecure` flag in `scripts/publish_bulletins.py` to bypass SSL verification. While these behaviors are aligned with the stated purpose and the scripts include security-conscious logic like log sanitization to mask secrets, the combination of shell execution, network access, and credential handling meets the threshold for a suspicious classification.

能力标签

requires-oauth-tokenrequires-sensitive-credentials

能力评估

ℹ Purpose & Capability

The skill's name, description, prompts, and Python scripts align: they collect stage‑1 news, validate JSON, publish to keplerjai.com, and format a final message. The network targets (https://www.keplerjai.com) and the environment variables mentioned in SKILL.md and in scripts (KEPLERAI_API_KEY, KEPLERJAI_BEARER_TOKEN and optional cookie vars) are coherent with a publishing workflow. However, the registry metadata declares no required environment variables while the SKILL.md and scripts explicitly expect bearer token / cookie environment keys — this metadata omission is an inconsistency that should be corrected.

⚠ Instruction Scope

SKILL.md explicitly requires the agent to perform stage1 collection itself and forbids using scripts/run_saved_pipeline.py and nested 'openclaw agent ...' calls as the standard automated route. Nevertheless, the package includes scripts/run_saved_pipeline.py which explicitly resolves and invokes the local openclaw executable to run an agent (i.e., nested agent invocation). Having that script present is acceptable for manual debugging, but it contradicts the recommended automated workflow and could be misused (or learned) as an automated path. Also stage1 prompts insist the agent write local files to a workspace; the scripts read/writes files in derived workspace paths — expected for this skill but worth noting for privacy/placement of outputs.

✓ Install Mechanism

This is an instruction‑plus‑script skill with no install spec. No arbitrary remote downloads are present. The only dependency listed in requirements.txt is PyYAML, which is reasonable. Because it’s instruction-only with local scripts, risk from install-time code fetching is low.

ℹ Credentials

The scripts read bearer tokens and optional cookies from environment variables (KEPLERAI_API_KEY, KEPLERJAI_BEARER_TOKEN, KEPLERAI_COOKIE, KEPLERJAI_COOKIE) to authenticate against keplerjai.com — that is proportionate to a publish workflow. But the registry metadata did not declare these required/optional env vars; this mismatch is important because users won’t be warned that API credentials are used. Also publish_bulletins.py supports an '--insecure' flag that disables TLS verification, which is a potentially dangerous option if used inadvertently.

ℹ Persistence & Privilege

The skill is not set to 'always: true' and is user-invocable, which is normal. agents/openai.yaml sets allow_implicit_invocation: true (permitting implicit invocation), which is a typical configuration for skills but increases the need to ensure credentials and invocation constraints are correct. The skill writes outputs into a target agent workspace (skill_root.parent/<agent_workspace>/keplerjai-bulletin-publish) — expected behavior for this workflow but you should verify where files will be written on your system.

版本历史

v1.0.0

Initial release of keplerjai-bulletin-publish: - Provides a workflow for collecting AI news, validating stage1 JSON, publishing KeplerJAI bulletins, and generating final summaries. - Designed for agent workspace compatibility and easy migration to new environments without manual path edits. - Separates responsibilities between news collection (by OpenClaw) and publishing/validation (by Python scripts). - All outputs are written to `<agent_workspace>/keplerjai-bulletin-publish`, including logs and final messages. - Supports API key authentication via `KEPLERAI_API_KEY` or `KEPLERJAI_BEARER_TOKEN`. - Enforces strict workflow boundaries to ensure transparency, traceability, and suitable automation practices.

元数据

Slug keplerjai-bulletin-publish

版本 1.0.0

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 1

常见问题

Keplerjai Bulletin Publish 是什么？

采集 AI 新闻，校验 stage1 JSON，发布 KeplerJAI 简讯，并以可迁移、面向 agent workspace 的方式生成最终摘要。它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 62 次。

如何安装 Keplerjai Bulletin Publish？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install keplerjai-bulletin-publish」即可一键安装，无需额外配置。

Keplerjai Bulletin Publish 是免费的吗？

是的，Keplerjai Bulletin Publish 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Keplerjai Bulletin Publish 支持哪些平台？

Keplerjai Bulletin Publish 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Keplerjai Bulletin Publish？

由任佶（@renjicode）开发并维护，当前版本 v1.0.0。

Keplerjai Bulletin Publish