← 返回 Skills 市场
zy66677

News Aggregator Skill 0.1.0

作者 zy66677 · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
585
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install news-aggregator-skill-0-1-0
功能描述
Comprehensive news aggregator that fetches, filters, and deeply analyzes real-time content from 8 major sources: Hacker News, GitHub Trending, Product Hunt,...
安全使用建议
This skill appears to implement what it claims (multi-source scraping and deep article extraction) and asks for no credentials, but exercise caution before installing: 1) Inspect SKILL.md and templates.md for hidden/unexpected characters (the pre-scan flagged unicode control characters). Remove or sanitize any invisible/control characters. 2) Verify provenance — README points at a GitHub repo; confirm the repo and publisher identity before cloning or running. 3) Run the Python script in a sandboxed environment (network-restricted or with egress monitoring) first — the 'deep' option fetches arbitrary URLs and can download page content. 4) Review the full fetch_news.py (the bundled file appears truncated in the package preview); ensure there are no hidden endpoints or exfiltration logic. 5) Limit concurrency/limits when doing a Global Scan to avoid large-scale requests. 6) If you plan to persist reports, check that the reports/ directory content and filenames are acceptable and that no unexpected data (e.g., credentials) would be written there. If you can, ask the publisher to provide a canonical homepage or signed source so provenance is clear. If the SKILL.md is cleaned of control characters and the rest of the code is intact/transparent, the skill could be treated as coherent and low-risk.
功能分析
Type: OpenClaw Skill Name: news-aggregator-skill-0-1-0 Version: 1.0.0 The skill is classified as suspicious due to the presence of prompt injection instructions within `SKILL.md` that direct the AI agent to modify user input (e.g., 'CRITICAL: You MUST automatically expand the user's simple keywords...'). While the stated intent is to enhance search functionality, this capability could be exploited if the expansion logic were flawed or if the agent were instructed to expand into malicious commands. Additionally, the skill performs extensive web scraping from external sources (`scripts/fetch_news.py`) and processes untrusted content, including fetching full article text (`--deep` flag). Although the script includes basic sanitization (removing script/style tags, truncating content, URL validation), the inherent risks of processing arbitrary external data and the agent's interpretation of its own instructions (e.g., file writing to `reports/`) introduce potential vulnerabilities that could lead to unintended actions or RCE if exploited, even without clear evidence of intentional malicious design.
能力评估
Purpose & Capability
Name/description, README, SKILL.md and the included scripts/fetch_news.py consistently implement multi-source news fetching and deep content extraction for the eight listed sources. No unrelated credentials, binaries, or config paths are requested. Minor mismatch: README references a GitHub repo and install workflows, while registry source/homepage are unknown — provenance is unclear but capability requests are coherent with the stated purpose.
Instruction Scope
SKILL.md instructs the agent to read templates.md and to save reports into reports/ (expected for this skill). However, it contains many all-caps/mandatory directives ("MUST", "CRITICAL") telling the agent exactly how to behave (automatic keyword expansion, manual filtering of large result sets, strict formatting rules, language constraints). These high-authority instructions in SKILL.md could be used as prompt-injection vectors. Additionally, a pre-scan found unicode-control-chars inside SKILL.md (hidden characters can hide or alter instructions). No instructions ask for unrelated files or secrets, but the injection signal elevates risk in the instruction scope.
Install Mechanism
There is no install spec; this is instruction-plus-script. requirements.txt lists only requests and beautifulsoup4 — appropriate for a scraper. No downloads from untrusted URLs or archived extract steps in the install metadata. README suggests git cloning from a GitHub repo (SSH URL), but that is guidance rather than an automated installer in the package metadata.
Credentials
The skill requests no environment variables or secrets. Its network access to many public endpoints (Hacker News, GitHub Trending, Weibo, Tencent, 36Kr, V2EX, WallStreetCN, Product Hunt) is proportional to its purpose. The 'deep' mode fetches and extracts full article text (arbitrary URLs) — expected but note this performs broad outbound HTTP(s) requests and downloads page content.
Persistence & Privilege
No elevated privileges requested. always is false and autonomous model invocation is default. SKILL.md asks to write reports into a local reports/ directory (normal for a reporting skill). The skill does not request or appear to modify other skills or system-wide settings.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install news-aggregator-skill-0-1-0
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /news-aggregator-skill-0-1-0 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
news-aggregator-skill 1.0.0 - Launch of a comprehensive news aggregator fetching, filtering, and deeply analyzing real-time news from 8 major sources (Hacker News, GitHub Trending, Product Hunt, 36Kr, Tencent News, WallStreetCN, V2EX, Weibo). - Adds robust command-line usage for broad (global) scanning, deep semantic keyword expansion, and precise keyword filtering with a new `--deep` fetch feature to extract full article content. - Implements smart time filtering and "smart fill" logic to ensure meaningful daily reports, including annotated supplementary items if needed. - Introduces interactive in-skill help/menu system activated by trigger phrases, guiding users through available commands. - Outlines strict, engaging report formatting guidelines (in Simplified Chinese), including markdown-linked headlines and required deep analysis for selected items. - Automatically generates and saves detailed, timestamped reports for each news session.
元数据
Slug news-aggregator-skill-0-1-0
版本 1.0.0
许可证
累计安装 1
当前安装数 1
历史版本数 1
常见问题

News Aggregator Skill 0.1.0 是什么?

Comprehensive news aggregator that fetches, filters, and deeply analyzes real-time content from 8 major sources: Hacker News, GitHub Trending, Product Hunt,... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 585 次。

如何安装 News Aggregator Skill 0.1.0?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install news-aggregator-skill-0-1-0」即可一键安装,无需额外配置。

News Aggregator Skill 0.1.0 是免费的吗?

是的,News Aggregator Skill 0.1.0 完全免费(开源免费),可自由下载、安装和使用。

News Aggregator Skill 0.1.0 支持哪些平台?

News Aggregator Skill 0.1.0 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 News Aggregator Skill 0.1.0?

由 zy66677(@zy66677)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 留言讨论