← 返回 Skills 市场

Kisa Guideline Hub

Name: Kisa Guideline Hub
Author: rebugui

作者 rebugui · GitHub ↗ · v1.0.1 · MIT-0

cross-platform ⚠ suspicious

344

总下载

当前安装

版本数

在 OpenClaw 中安装

/install kisa-guideline-hub

功能描述

Automatically collect and publish security guidelines and guides from KISA and Boho (보호나라) to Notion. Use when you need to (1) collect new security guideline...

使用说明 (SKILL.md)

Guideline Publisher

Overview

Automated system to collect security guidelines from Korean security organizations (KISA, Boho) and publish them to Notion. Unlike regular security news, guidelines are published directly without LLM processing.

Supported Sources

KISA (한국인터넷진흥원):

Security guidelines and best practices
Configuration guides
Policy documents
URL: https://인터넷진흥원.한국/2060207

Boho (보호나라/KRCERT):

Security vulnerability guides
Incident response guides
Technical guidelines
URL: https://www.boho.or.kr
Includes PDF downloads

Workflow

1. Collect Guidelines

cd ~/.openclaw/workspace/skills/security-news-module
python3 scripts/publish_guidelines.py --collect

This will:

Run KISA crawler (10 guidelines)
Run Boho crawler (11 guidelines, PDF downloads)
Collect PDF files to temp_downloads/ directory
Store articles in processing queue

2. Publish to Notion

python3 scripts/publish_guidelines.py --publish

This will:

Publish collected guidelines to Notion GUIDE_DATABASE_ID
Upload PDF files to Notion
No LLM processing (direct publishing)
Skip duplicates automatically

3. Full Pipeline

python3 scripts/publish_guidelines.py --full

Runs both collection and publishing in sequence.

Notion Database Configuration

Guidelines are published to a separate Notion database:

GUIDE_DATABASE_ID: Set in .env as SECURITY_GUIDE_DATABASE_ID

If not set, defaults to SECURITY_NEWS_DATABASE_ID

Notion Properties:

Title: Guideline name
Category: "KISA 가이드라인" or "보호나라 가이드라인"
URL: Original source URL
Date: Publication date
Files: PDF attachments (Boho only)

Key Differences from Security News

Guidelines:

✅ Direct publishing (no LLM processing)
✅ PDF file uploads
✅ Separate Notion database
✅ KISA + Boho sources

Security News:

✅ LLM summary + analysis
✅ Mermaid diagrams
✅ Main Notion database
✅ 9 sources (KRCERT, 데일리시큐, etc.)

Environment Variables

Required in ~/.openclaw/workspace/.env:

# Notion
NOTION_API_KEY=ntn_xxx
SECURITY_NEWS_DATABASE_ID=xxx
SECURITY_GUIDE_DATABASE_ID=xxx  # Optional, defaults to SECURITY_NEWS_DATABASE_ID

# GLM API (for security news only)
SECURITY_NEWS_GLM_API_KEY=xxx

File Structure

security-news-module/
├── modules/
│   ├── crawlers/
│   │   ├── kisa.py (KISA guidelines)
│   │   └── boho.py (Boho guidelines + PDF)
│   ├── publisher_service.py
│   └── notion_handler.py (PDF upload support)
└── scripts/
    └── publish_guidelines.py (This skill's script)

PDF Downloads

Boho crawler automatically downloads PDF files:

temp_downloads_boho/
├── 가이드라인1.pdf
├── 가이드라인2.pdf
└── ...

PDFs are uploaded to Notion as file blocks.

Troubleshooting

No guidelines collected:

Check KISA/Boho websites are accessible
Verify Notion API key and database ID
Check network connectivity

PDF upload fails:

Verify Notion API supports file uploads
Check file size limits (20MB max)
Ensure temp_downloads/ directory exists

Duplicate guidelines:

Notion Duplicate_check() prevents duplicates
Based on URL matching
Safe to run multiple times

Integration with Security News Module

This skill is integrated into the Security News Module:

# Run both guidelines and news
python3 security_news_aggregator.py --once

# Guidelines run first (no LLM, fast)
# Then security news (with LLM, slower)

Cron Scheduling

For automated hourly runs:

# Already configured in LaunchAgent
# com.openclaw.security-news.plist
# Runs every hour automatically

Resources

scripts/

publish_guidelines.py - Main script for guideline collection and publishing

references/

schema.md - Notion database schema for guidelines
examples.md - Example guideline publications

安全使用建议

This skill appears to do what it says (crawl KISA/Boho and publish PDFs to Notion), but there are a few red flags you should address before installing or scheduling it automatically: - Confirm and document required environment variables in the registry metadata (NOTION_API_KEY, SECURITY_NEWS_DATABASE_ID, SECURITY_GUIDE_DATABASE_ID). The current registry claims none, which is inconsistent. - Inspect the code in the referenced modules (security-news-feed/modules/crawlers/* and publisher_service.py / notion_handler.py). The published script imports and executes code from a sibling package; that imported code will run with your user privileges and may perform network I/O or read files. - Check the contents of ~/.openclaw/workspace/.env before running. The script loads the entire .env file; ensure it contains only the secrets you intend to expose to this skill (don't keep other unrelated credentials there). Consider running in an isolated workspace or with a minimal .env for testing. - Before enabling any cron/LaunchAgent scheduling, run the script manually with a test Notion database to verify behavior and that only expected network endpoints (KISA/boho and Notion) are contacted. - If you cannot review the other module files, treat the skill as untrusted and avoid scheduling it or providing high-privilege credentials. If you provide the code for the referenced modules (modules/crawlers/kisa.py, modules/crawlers/boho.py, publisher_service.py, notion_handler.py), I can do a deeper review and raise any further concerns.

功能分析

Type: OpenClaw Skill Name: kisa-guideline-hub Version: 1.0.1 The skill bundle is a legitimate automation tool designed to collect security guidelines from official Korean organizations (KISA and Boho/KRCERT) and publish them to a Notion database. The main script, `publish_guidelines.py`, implements a clear workflow for crawling, PDF downloading, and Notion API interaction, consistent with the documentation in `SKILL.md` and `schema.md`. While it accesses sensitive environment variables and manages local file paths, these actions are strictly aligned with its stated purpose, and no evidence of data exfiltration, malicious execution, or harmful prompt injection was found.

能力评估

ℹ Purpose & Capability

Publishing guidelines to Notion aligns with the described functionality and the script shows direct Notion publishing and PDF uploads. However, the registry metadata reports no required environment variables or primary credential while SKILL.md and the script explicitly require a Notion API key and database IDs; this mismatch is unexpected and should be corrected.

⚠ Instruction Scope

The SKILL.md and script instruct the agent to load ~/.openclaw/workspace/.env (potentially exposing any secrets there), cd into a workspace path, and then change working directory to a sibling 'security-news-feed' package and import its modules. The script triggers network activity (crawling KISA/Boho, downloading PDFs, and uploading to Notion). Those actions are relevant to the purpose, but reading an entire .env and importing sibling modules gives the skill access to unrelated secrets and code in the user's workspace — a broader scope than strictly necessary.

✓ Install Mechanism

This is an instruction-only skill with a script file; there is no install spec, no external downloads, and no archive extraction. Risk from installation is low, but the script does rely on the presence of other local modules (security-news-feed) which must be present and trusted.

⚠ Credentials

Publishing to Notion reasonably requires NOTION_API_KEY and a database ID; SKILL.md documents these. But the registry incorrectly lists no required env vars. The script uses dotenv to load the entire ~/.openclaw/workspace/.env which may contain unrelated secrets (e.g., GLM key or other tokens). Loading the entire .env by default increases risk of inadvertent exposure or misuse of other credentials.

ℹ Persistence & Privilege

The skill itself is not forced-always and does not request elevated platform privileges. SKILL.md suggests optional user actions to schedule the script via LaunchAgent/cron (persistence), which would be a manual choice. If you choose to schedule, review and vet the code and environment first.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install kisa-guideline-hub
安装完成后，直接呼叫该 Skill 的名称或使用 /kisa-guideline-hub 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.1

- Added explicit version field to SKILL.md and updated version to 1.1.0. - No functional or workflow changes; documentation update only. - All usage and integration instructions remain unchanged.

v1.0.0

Initial release

元数据

Slug kisa-guideline-hub

版本 1.0.1

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 2

常见问题