Notice Monitor
Author: jerryharbin (GitHub) · v1.0.1 · MIT-0
201 total downloads · 0 favorites · 1 current install · 2 versions
Install in OpenClaw: /install notice-monitor
Description
Automatically monitors the announcement list page of any website, with keyword filtering, multi-level categorization, scheduled push, and multi-channel notification (DingTalk, WeChat, email).
Safe-use recommendations
What to consider before installing:
- Major risk: the skill shells out to openclaw with the notification message embedded in a single command string. Because the message is built from scraped titles (external websites), an attacker-controlled site could craft content that executes arbitrary shell commands on your host. Don’t install or run this skill on systems you cannot afford to compromise.
- If you still want the functionality, ask the author to patch before use: replace execSync(string) with a safe alternative (execFile/spawn with argument array or use the OpenClaw messaging API/library), or thoroughly sanitize/encode the message to prevent shell expansion (escape $, `, \\, newlines, etc.).
- Ask for or apply these fixes: implement the other promised notify channels (webhook/email/wechat) properly; make state/log paths configurable (use ~/.openclaw/workspace by default) and document required host CLI credentials; avoid saving state inside the installed package directory.
- Additional operational notes: Puppeteer will download/consume a Chromium binary and increase disk/network usage. Only run on trusted hosts and consider running inside an isolated container or VM until the command-injection issue is resolved.
Confidence notes: High. The execSync call with interpolated, unsanitized message text is visible in the code and is a straightforward command-injection vector. The risk would be reduced if you could confirm that the host 'openclaw message' CLI treats its arguments safely (no further shell expansion) and that the command is invoked without a shell (execSync always runs through one, so that is not the case here), or that all monitored sites are fully trusted and cannot be tampered with.
Functional analysis
Type: OpenClaw Skill
Name: notice-monitor
Version: 1.0.1
The notice-monitor skill contains a critical command injection vulnerability in src/monitor.js. The Notifier.send function uses child_process.execSync to call the openclaw CLI, passing a message string constructed from notice titles scraped from external websites. While the code attempts to escape double quotes, it fails to sanitize other shell metacharacters like backticks (`) or shell expansions ($()), allowing a malicious website to potentially achieve Remote Code Execution (RCE) on the agent's host. This is classified as suspicious rather than malicious because it appears to be a severe implementation flaw rather than an intentional backdoor.
Capability assessment
Purpose & Capability
The code implements a Puppeteer-based crawler/monitor and supports cron scheduling, deduplication and keyword filtering as described. However, the SKILL.md claims multiple notification channels (DingTalk/WeChat/Email/Webhook) while the implementation only invokes a DingTalk path (via the openclaw CLI) and otherwise just prints messages. The docs also reference state/log paths under ~/.openclaw/workspace, but the code saves state to the skill's ../state directory, an inconsistency.
Instruction Scope
Notifier.send uses child_process.execSync to run a shell command embedding the generated message text directly: execSync(`openclaw message send --target "${config.target}" --message "${message.replace(/"/g, '\\"')}"`). The message content is derived from scraped page titles/metadata controlled by external websites — this allows shell command injection (e.g. $(...), backticks, or other shell expansions) and could result in arbitrary command execution on the host. The SKILL.md does not warn about this risk and claims other notification channels that are not implemented in code.
Install Mechanism
No explicit install spec is provided in the registry metadata (instruction-only), but the package.json lists Puppeteer and other npm deps; installing will likely pull large browser artifacts (Chromium) via Puppeteer. That is expected for a headless browser crawler but increases installation footprint.
Credentials
The skill declares no required environment variables or credentials, which matches the code. However the use of the 'openclaw message send' CLI implies the runtime agent/host CLI will be invoked and may rely on platform credentials not declared by the skill. The skill does not request or document those credentials or permissions.
Persistence & Privilege
The 'always' flag is false and the skill does not request elevated platform privileges. It writes state to a local 'state' directory inside the skill package (../state) rather than the documented workspace path; this is an implementation quirk, not an elevated privilege request.
How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install notice-monitor
- After installation, call the skill by name or trigger it with /notice-monitor
- Provide the required inputs per the skill's parameter description to get structured output
Version history
v1.0.1
Fixes in v1.0.1: optimized page-loading logic / added waits for data / fixed province-level data scraping / improved level switching
v1.0.0
Initial release: supports multi-task configuration / keyword filtering / automatic deduplication / DingTalk notifications
FAQ
What is Notice Monitor?
Automatically monitors the announcement list page of any website, with keyword filtering, multi-level categorization, scheduled push, and multi-channel notification (DingTalk, WeChat, email). It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 201 downloads to date.
How do I install Notice Monitor?
Run the command "/install notice-monitor" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.
Is Notice Monitor free?
Yes, Notice Monitor is completely free, licensed under MIT-0, and can be freely downloaded, installed and used.
Which platforms does Notice Monitor support?
Notice Monitor runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Notice Monitor?
Developed and maintained by jerryharbin (@jerryharbin); current version v1.0.1.