功能描述

Automatically collect and publish security guidelines and guides from KISA and Boho (보호나라) to Notion. Use when you need to (1) collect new security guideline...

使用说明 (SKILL.md)

Guideline Publisher

Name: Kisa Guideline Hub Repo
Author: rebugui

Overview

Automated system to collect security guidelines from Korean security organizations (KISA, Boho) and publish them to Notion. Unlike regular security news, guidelines are published directly without LLM processing.

Supported Sources

KISA (한국인터넷진흥원):

Security guidelines and best practices
Configuration guides
Policy documents
URL: https://인터넷진흥원.한국/2060207

Boho (보호나라/KRCERT):

Security vulnerability guides
Incident response guides
Technical guidelines
URL: https://www.boho.or.kr
Includes PDF downloads

Workflow

1. Collect Guidelines

cd ~/.openclaw/workspace/skills/security-news-module
python3 scripts/publish_guidelines.py --collect

This will:

Run KISA crawler (10 guidelines)
Run Boho crawler (11 guidelines, PDF downloads)
Collect PDF files to temp_downloads/ directory
Store articles in processing queue

2. Publish to Notion

python3 scripts/publish_guidelines.py --publish

This will:

Publish collected guidelines to Notion GUIDE_DATABASE_ID
Upload PDF files to Notion
No LLM processing (direct publishing)
Skip duplicates automatically

3. Full Pipeline

python3 scripts/publish_guidelines.py --full

Runs both collection and publishing in sequence.

Notion Database Configuration

Guidelines are published to a separate Notion database:

GUIDE_DATABASE_ID: Set in .env as SECURITY_GUIDE_DATABASE_ID

If not set, defaults to SECURITY_NEWS_DATABASE_ID

Notion Properties:

Title: Guideline name
Category: "KISA 가이드라인" or "보호나라 가이드라인"
URL: Original source URL
Date: Publication date
Files: PDF attachments (Boho only)

Key Differences from Security News

Guidelines:

✅ Direct publishing (no LLM processing)
✅ PDF file uploads
✅ Separate Notion database
✅ KISA + Boho sources

Security News:

✅ LLM summary + analysis
✅ Mermaid diagrams
✅ Main Notion database
✅ 9 sources (KRCERT, 데일리시큐, etc.)

Environment Variables

Required in ~/.openclaw/workspace/.env:

# Notion
NOTION_API_KEY=ntn_xxx
SECURITY_NEWS_DATABASE_ID=xxx
SECURITY_GUIDE_DATABASE_ID=xxx  # Optional, defaults to SECURITY_NEWS_DATABASE_ID

# GLM API (for security news only)
SECURITY_NEWS_GLM_API_KEY=xxx

File Structure

security-news-module/
├── modules/
│   ├── crawlers/
│   │   ├── kisa.py (KISA guidelines)
│   │   └── boho.py (Boho guidelines + PDF)
│   ├── publisher_service.py
│   └── notion_handler.py (PDF upload support)
└── scripts/
    └── publish_guidelines.py (This skill's script)

PDF Downloads

Boho crawler automatically downloads PDF files:

temp_downloads_boho/
├── 가이드라인1.pdf
├── 가이드라인2.pdf
└── ...

PDFs are uploaded to Notion as file blocks.

Troubleshooting

No guidelines collected:

Check KISA/Boho websites are accessible
Verify Notion API key and database ID
Check network connectivity

PDF upload fails:

Verify Notion API supports file uploads
Check file size limits (20MB max)
Ensure temp_downloads/ directory exists

Duplicate guidelines:

Notion Duplicate_check() prevents duplicates
Based on URL matching
Safe to run multiple times

Integration with Security News Module

This skill is integrated into the Security News Module:

# Run both guidelines and news
python3 security_news_aggregator.py --once

# Guidelines run first (no LLM, fast)
# Then security news (with LLM, slower)

Cron Scheduling

For automated hourly runs:

# Already configured in LaunchAgent
# com.openclaw.security-news.plist
# Runs every hour automatically

Resources

scripts/

publish_guidelines.py - Main script for guideline collection and publishing

references/

schema.md - Notion database schema for guidelines
examples.md - Example guideline publications

安全使用建议

Key points before installing or running this skill: - Missing declarations: The registry metadata claims no required environment variables, but the SKILL.md and script require a Notion API key and database IDs stored in ~/.openclaw/workspace/.env. Do not run the script until you create a dedicated Notion integration with a limited-scoped API key and set the database IDs. - Missing files/dependencies: The script imports modules from a 'security-news-module' (modules.crawlers.kisa, boho, publisher_service, config) and README mentions requirements.txt; those files are not included in the package manifest. Running the script as-is will likely fail unless you obtain the referenced module files. Ask the publisher for the missing modules or a complete package. - Network & data flow: The skill crawls external websites and downloads PDFs, then uploads them to Notion. This matches its purpose but means you are transmitting (potentially sensitive) documents to a third-party service (your Notion workspace). Only use a Notion integration you control and be mindful of privacy and file size limits. - Safety recommendations: (1) Inspect the missing crawler and publisher modules before running to ensure they don't perform unexpected network calls or exfiltrate data elsewhere. (2) Run initially in an isolated environment (non-privileged account, limited filesystem) and monitor network activity. (3) Use a dedicated Notion integration with the minimal required permissions and a separate Notion test database. (4) Ask the skill author to update registry metadata to declare required env vars and to include requirements.txt and the required modules so the package can be fully reviewed. What would change this assessment: if the package included the referenced modules and a requirements.txt and the registry metadata declared the Notion env vars (and those modules' behavior is consistent with the description), the evaluation would likely move to benign. Conversely, if the missing modules or remote repo contain unrelated credential-handling or hidden endpoints, the verdict could escalate to malicious.

功能分析

Type: OpenClaw Skill Name: kisa-guideline-hub-repo Version: 1.0.1 The skill bundle is a legitimate utility designed to automate the collection of security guidelines from official Korean security organizations (KISA and Boho/KRCERT) and publish them to a Notion database. The core logic in scripts/publish_guidelines.py manages the workflow of crawling, PDF handling, and Notion API interaction using standard Python libraries and environment variables for configuration. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found; the instructions and code are consistent with the stated purpose of security document management.

能力评估

⚠ Purpose & Capability

The SKILL.md and script both describe crawling KISA and Boho and publishing PDFs to Notion — this is coherent with the name/description. However the package metadata declares no required environment variables or primary credential while the SKILL.md and script clearly require a Notion API key and database IDs. That mismatch is an unexplained inconsistency.

ℹ Instruction Scope

Instructions explicitly tell the agent/user to run a Python script that: loads ~/.openclaw/workspace/.env, crawls external websites (KISA, Boho), downloads PDFs to local temp directories, and uploads files to Notion. Those actions are within the stated purpose, but the script imports other modules (modules.crawlers.*, publisher_service, config) that are not included in the manifest — meaning runtime behavior depends on external code not present here.

⚠ Install Mechanism

There is no install spec (instruction-only) which is low-risk, but the README suggests pip install -r requirements.txt and cloning a GitHub repo; no requirements.txt or the referenced security-news-module files are present in the manifest. This is a practical install/runtime gap: following the provided commands will likely fail or pull unreviewed code from external sources if the user attempts to clone/install them.

⚠ Credentials

The skill needs Notion credentials (NOTION_API_KEY, SECURITY_NEWS_DATABASE_ID, optional SECURITY_GUIDE_DATABASE_ID) according to SKILL.md and code, yet the registry metadata lists no required env vars or primary credential. Requesting a Notion API key is reasonable for the purpose, but the missing declaration is a red flag: the agent or user may not be warned that secrets are required. The SKILL.md also references an unrelated GLM API key for the 'news' portion — this is optional for guidelines but is present in docs, adding potential confusion.

✓ Persistence & Privilege

The skill is not configured as always: true, does not request system-wide changes in its code, and only suggests optional cron/LaunchAgent configuration in documentation. There is no automated persistent installation performed by the skill files provided here.

版本历史

v1.0.1

- Added a README.md file to provide additional documentation for the project. - No changes to existing functionality; this release focuses on improved documentation.

v1.0.0

Initial release of kisa-guideline-hub. - Automates collection of security guidelines from KISA and Boho (KRCERT, 보호나라). - Publishes guidelines, including PDFs, directly to a dedicated Notion database (no LLM processing). - Avoids duplicate guideline entries using URL-based checks. - Supports both manual and automated (cron) workflows. - Integrated with the Security News Module for sequential processing of guidelines and news items.

元数据

Slug kisa-guideline-hub-repo

版本 1.0.1

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 2

常见问题

Kisa Guideline Hub Repo 是什么？

Automatically collect and publish security guidelines and guides from KISA and Boho (보호나라) to Notion. Use when you need to (1) collect new security guideline... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 278 次。

如何安装 Kisa Guideline Hub Repo？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install kisa-guideline-hub-repo」即可一键安装，无需额外配置。

Kisa Guideline Hub Repo 是免费的吗？

是的，Kisa Guideline Hub Repo 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Kisa Guideline Hub Repo 支持哪些平台？

Kisa Guideline Hub Repo 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Kisa Guideline Hub Repo？

由 rebugui（@rebugui）开发并维护，当前版本 v1.0.1。

Kisa Guideline Hub Repo