← 返回 Skills 市场
67
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install news-brief-skill
功能描述
根据用户设定的兴趣方向,每天定时获取对应领域的新闻内容,生成摘要简报并推送至用户指定渠道,支持用户反馈与Skill优化。
安全使用建议
This skill appears to implement the advertised news-aggregation and push features, but check these before installing:
- Understand where credentials will be stored: the skill saves per-user configs (email, webhook tokens, etc.) under data/users and backs them up. If those directories are on a shared host, others may access them.
- Encryption is implemented, but the encryption key is generated and saved to config/encryption.key by default. That means anyone with filesystem access to the skill folder can decrypt stored secrets. Prefer supplying an encryption key from a secure secret store or environment variable and confirm the key file is not committed or exposed.
- The documentation claims it does not store user identity, but the code stores user IDs and per-user directories. If that conflicts with your privacy requirements, do not install as-is.
- Review and restrict filesystem permissions for the skill directory (config/ and data/), and consider running it in an isolated environment.
- There are some code-quality issues (e.g., a missing import and other truncated blocks in the provided sources) — you should test in a safe environment before enabling automatic daily runs.
If you want to proceed: (1) provide credentials only when necessary, (2) replace the on-disk encryption key with a key from a secure secret manager or environment variable, (3) restrict access to the skill directory, and (4) audit any additional omitted files not included here.
功能分析
Type: OpenClaw Skill
Name: news-brief-skill
Version: 1.0.0
The news-brief-skill is a well-structured news aggregation and notification tool designed to fetch, summarize, and push news updates to users. It implements legitimate features for multi-source news gathering (RSS, API, and BeautifulSoup-based web scraping) and supports multiple notification channels including Email, DingTalk, and Telegram. Notably, the skill demonstrates good security practices in `scripts/config_manager.py` by using AES-256 encryption (via the cryptography library) to protect sensitive user credentials such as SMTP passwords and API tokens. No evidence of malicious intent, unauthorized data exfiltration, or dangerous command execution was found across the codebase.
能力评估
Purpose & Capability
The code files and SKILL.md match the stated purpose: multi-source news fetching, summarization, multi-channel push, and feedback-driven optimization. The included modules (news_fetcher, summarizer, pusher, config manager, feedback handler) are appropriate for this functionality.
Instruction Scope
Runtime instructions are reasonable: copy skill into OpenClaw, install listed Python deps, configure optional API keys/webhooks, and set user preferences. However, SKILL.md/documentation claims '不存储用户身份信息' while the implementation stores per-user configs and user_id directories under data/users; it also instructs storing credentials (email, webhooks) which the code persists. This is a privacy/accuracy mismatch.
Install Mechanism
There is no install spec that downloads external artifacts; the package is delivered as source files. Dependencies are standard Python packages (requests, bs4, feedparser, cryptography, etc.) declared in the docs. No remote installers, obscure URLs, or extracted archives were used.
Credentials
The skill requests no environment variables in the registry metadata, but the code expects and persists sensitive credentials (SMTP creds, Telegram bot token, DingTalk webhook, etc.) in per-user config files. Those fields are 'encrypted' by the skill, but the ConfigManager generates and stores the encryption key to config/encryption.key on disk (the code comments even say it should come from an environment variable). Storing the key alongside the encrypted data undermines the protection and is disproportionate given the claimed 'privacy' guarantees.
Persistence & Privilege
The skill persists user configs, backups, logs, and an encryption key under the skill project (data/, config/encryption.key, data/backups/). It does not request elevated platform privileges, nor is always:true set, but writing persistent credentials and a plaintext encryption key to the skill's directory increases risk if the host or skill directory is accessible by other parties.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install news-brief-skill - 安装完成后,直接呼叫该 Skill 的名称或使用
/news-brief-skill触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: Personalized news briefing with multi-channel push and user feedback optimization
元数据
常见问题
News Brief Skill 是什么?
根据用户设定的兴趣方向,每天定时获取对应领域的新闻内容,生成摘要简报并推送至用户指定渠道,支持用户反馈与Skill优化。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 67 次。
如何安装 News Brief Skill?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install news-brief-skill」即可一键安装,无需额外配置。
News Brief Skill 是免费的吗?
是的,News Brief Skill 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
News Brief Skill 支持哪些平台?
News Brief Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 News Brief Skill?
由 thiswin(@17oko)开发并维护,当前版本 v1.0.0。
推荐 Skills