← 返回 Skills 市场
dinstein

Media News Digest

作者 Linfeng Liang · GitHub ↗ · v2.1.1
cross-platform ⚠ suspicious
960
总下载
2
收藏
1
当前安装
16
版本数
在 OpenClaw 中安装
/install media-news-digest
功能描述
Generate media & entertainment industry news digests. Covers Hollywood trades (THR, Deadline, Variety), box office, streaming, awards season, film festivals,...
安全使用建议
This skill appears coherent and intended for the stated purpose, but review these before installing: (1) When you provide API keys (Twitter/Brave/Tavily), use least-privilege / dedicated keys and store them in your environment or workspace config, not in the repo. (2) Inspect send-email.py / your mail delivery configuration: decide whether you'll use msmtp/system mail or an external CLI (the templates reference 'gog gmail send' but that tool isn't declared). Make sure your mail client is configured securely. (3) The skill reads <WORKSPACE>/archive/... and <WORKSPACE>/config/... — confirm you are comfortable the agent will access those workspace paths. (4) If you plan to allow automated, scheduled delivery, audit who receives those digests and any channel IDs configured. (5) If you want extra assurance, run the pipeline locally first (pip install -r requirements.txt) and review the send-email.py and any network-call code (fetch-* scripts) to confirm endpoints and retry/error handling. Overall the skill is internally consistent; these are operational checks rather than blockers.
功能分析
Type: OpenClaw Skill Name: media-news-digest Version: 2.1.1 The skill bundle is classified as suspicious due to a shell injection vulnerability found in the `scripts/test-pipeline.sh` file. Specifically, the script uses unquoted shell variables (`$TOPICS`, `$IDS`) within `grep -qi` and `python3 -c` commands, which could allow arbitrary command execution if a user provides specially crafted input to the `--topics` or `--ids` arguments. While this is a test script and not part of the main agent execution flow, it represents a vulnerability that could be exploited. The rest of the skill demonstrates strong security awareness, including explicit prompt injection mitigations in `SKILL.md` and `references/digest-prompt.md`, and robust HTML sanitization in `scripts/sanitize-html.py`.
能力评估
Purpose & Capability
Name/description (media news digest) matches the included scripts (fetch-rss, fetch-twitter, fetch-reddit, fetch-web, merge, summarize, generate-pdf, send-email). Declared binaries (python3) and optional email senders are appropriate for the task; required env vars (Twitter / Brave / Tavily keys) listed in SKILL.md are the credentials you would expect for the described data sources.
Instruction Scope
SKILL.md instructions are scoped to collecting sources from declared feeds/APIs, merging/deduplicating, generating a report, and delivering via Discord/email. It explicitly reads workspace config overrides and the skill archive to avoid duplicates — that is reasonable for a pipeline that must dedupe and resume. No instructions tell the agent to read unrelated system files, exfiltrate arbitrary data, or contact unexpected endpoints (all external APIs mentioned are search/Twitter providers or the user's mail delivery tool).
Install Mechanism
There is no platform-level install spec (install steps are not included), but the repo includes runnable Python scripts and a requirements.txt. This is low risk but means the operator must install Python dependencies themselves. Minor inconsistency: email templates reference a 'gog gmail send' CLI while the pipeline uses send-email.py / system mail (msmtp) — the repo documents multiple delivery options but does not declare the 'gog' tool in optionalBins.
Credentials
Environment variables declared (X_BEARER_TOKEN, TWITTERAPI_IO_KEY, BRAVE_API_KEY(S), TAVILY_API_KEY) map to the declared integration backends. No unrelated credentials (AWS, SSH keys, database passwords) are requested. Email delivery relies on system mail or optional tools; the repo states it does not write credentials to disk. This access is proportionate to the skill's functionality.
Persistence & Privilege
Skill is not marked always:true and does not request elevation or modification of other skills. It reads and writes within its workspace archive/config paths per its stated purpose (archiving reports, reading workspace overrides). Autonomous invocation (default) is allowed but is the platform norm and not by itself a red flag.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install media-news-digest
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /media-news-digest 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.1.1
Fix SKILL.md: 65 sources, all env vars, 14 scripts, quality score display, article enrichment, Tavily/Brave multi-key, PDF email
v2.1.0
Article enrichment, Tavily web search, multi-key Brave API, quality score display, PDF email, 65 sources
v1.8.1
Add second email recipient support
v1.8.0
Simplify prompt, CONTRIBUTING.md, EMAIL_FROM, email parity
v1.7.2
Email delivery: prefer mail/msmtp, fallback to gog
v1.7.1
Prompt injection sanitization in summarize-merged.py
v1.7.0
summarize-merged helper, zsh compat, archive path fix
v1.6.3
Republish
v1.6.2
Schema fix (reddit type), declare deps/credential access, update quick start
v1.6.1
KOL display names, code quality cleanup, unused import removal
v1.6.0
Unified parallel pipeline, Reddit SSL/parallel fix, Brave auto-concurrency
v1.5.1
v1.5.1: Security fix — HTML sanitizer for email output prevents XSS from untrusted RSS/Twitter/web content
v1.5.0
v1.5.0: URL dedup, Reddit scoring boost, web retry, topic coverage fix (upcoming 0→12), 44 sources (38 enabled), all tech-digest leftovers cleaned
v1.3.0
Add Upcoming Releases section for North American theater openings
v1.2.0
Add China section (first position), 6 Reddit sources, 3 China RSS feeds, 41 total sources
v1.1.0
Initial ClawHub release: 29 sources, 7 topic sections, Discord + email delivery, Chinese body with English source links
元数据
Slug media-news-digest
版本 2.1.1
许可证
累计安装 1
当前安装数 1
历史版本数 16
常见问题

Media News Digest 是什么?

Generate media & entertainment industry news digests. Covers Hollywood trades (THR, Deadline, Variety), box office, streaming, awards season, film festivals,... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 960 次。

如何安装 Media News Digest?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install media-news-digest」即可一键安装,无需额外配置。

Media News Digest 是免费的吗?

是的,Media News Digest 完全免费(开源免费),可自由下载、安装和使用。

Media News Digest 支持哪些平台?

Media News Digest 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Media News Digest?

由 Linfeng Liang(@dinstein)开发并维护,当前版本 v2.1.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 留言讨论