← 返回 Skills 市场
78
总下载
1
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install meridian-intel
功能描述
Anti-FOMO AI intelligence for product leaders. Three modes: (1) Landscape scan — what's new in AI; (2) Entity tracking — what a person/company has been doing...
安全使用建议
This skill appears coherent with its purpose: it instructs the agent to run date-bounded web searches, call public APIs (HN Algolia, GitHub, arXiv), and do browser deep reads to assemble sourced timelines. Before installing, consider:
- Operational prerequisites: the SKILL.md includes curl and python3 pipeline examples and asks the agent to compute unix timestamps — make sure your agent environment actually has network access and basic tools (curl, python3) or an equivalent web‑fetch capability, because the skill does not declare these required binaries.
- Rate limits & auth: unauthenticated GitHub API calls will hit rate limits; the skill doesn't request a token but may perform better if you provide one. Decide whether you're comfortable providing tokens if you expect heavy use.
- Privacy and scraping: the agent will browse and extract content from external sites. Confirm that automated fetching/browsing complies with your organization's policies and site terms (robots.txt, TOS). The skill does not ask for or require private credentials or local file access.
- Autonomy tone: the SKILL.md contains the phrase 'Don't ask permission. Just do it.' — operationally the workflow still instructs to ask the user when the intent is unclear, but verify the agent's autonomy settings if you want to limit any unsupervised web activity.
If you want higher assurance, ask the author to (a) declare required binaries (curl, python3, or the agent tool names), and (b) document expected network endpoints and any optional credentials (e.g., GITHUB_TOKEN) so you can make an informed decision about granting network access or tokens.
功能分析
Type: OpenClaw Skill
Name: meridian-intel
Version: 1.0.0
The skill bundle is designed for AI market intelligence but contains significant security vulnerabilities. Specifically, in SKILL.md and references/search-playbook.md, it instructs the agent to execute shell commands using curl piped into python3, incorporating unvalidated variables (like {keyword}) directly into the command string. This pattern creates a high risk of shell injection if the agent processes malicious user input or untrusted search results. While the intent appears to be functional data retrieval from public APIs (HackerNews, GitHub), the lack of input sanitization and the use of high-privilege execution methods meet the criteria for a suspicious classification.
能力评估
Purpose & Capability
The name/description (AI intelligence for product leaders: landscape scans, entity tracking, product discovery) match the SKILL.md content and included templates. The searches, HN/GitHub/arXiv usage, and browser reading are expected for this purpose. Minor inconsistency: the SKILL.md contains shell/curl/python3 examples but the skill declares no required binaries — the agent will need network access plus tools like curl/python3 or equivalent to run the provided snippets.
Instruction Scope
Runtime instructions are narrowly focused on web searches, API queries (HN Algolia, GitHub API, arXiv), and browser deep-reading to extract dates and source links; they repeatedly require date-constrained searches and source attribution. The one strong directive 'Don't ask permission. Just do it.' is stylistic but the workflow itself requires confirming ambiguous user intent. No instructions ask to read unrelated local files, access other credentials, or exfiltrate data to unknown endpoints.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — lowest install risk. The skill expects use of public web APIs and browser access; it does not download or install third-party code.
Credentials
The skill requests no environment variables, no credentials, and no config paths. It relies only on public web APIs and browsing. This is proportional to its stated functionality. Note: unauthenticated GitHub API and public endpoints are used; for heavier use a token may be needed (not requested here).
Persistence & Privilege
always:false (normal). The skill does not request permanent system presence or to modify other skills/config. Autonomous invocation is allowed (platform default) but not elevated here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install meridian-intel - 安装完成后,直接呼叫该 Skill 的名称或使用
/meridian-intel触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of meridian: an anti-FOMO AI intelligence tool for product leaders.
- Three core modes: Landscape scan (AI what's new), Entity tracking (person/company activity), Product discovery (breakout products in an ecosystem).
- Reports include timeline narratives with real, clickable source links—never just a list of links.
- Strict timeliness: all search/results constrained by explicit date windows, with rigorous date checks for each result.
- Outputs are storylines or quick reports, emphasizing "so what" for product decisions; all facts are source-verified.
- Anti-hallucination rules: no fabricated URLs/events, all facts directly tied to sources, honesty about missing or uncertain information.
元数据
常见问题
Meridian 是什么?
Anti-FOMO AI intelligence for product leaders. Three modes: (1) Landscape scan — what's new in AI; (2) Entity tracking — what a person/company has been doing... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 78 次。
如何安装 Meridian?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install meridian-intel」即可一键安装,无需额外配置。
Meridian 是免费的吗?
是的,Meridian 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Meridian 支持哪些平台?
Meridian 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Meridian?
由 cheibjkb(@cheibjkb)开发并维护,当前版本 v1.0.0。
推荐 Skills