← 返回 Skills 市场

Vesper

Name: Vesper
Author: indigokarasu

作者 Indigo Karasu · GitHub ↗ · v2.7.0 · MIT-0

cross-platform ⚠ suspicious

294

总下载

当前安装

版本数

在 OpenClaw 中安装

/install ocas-vesper

功能描述

Daily briefing generator. Aggregates signals from across the system into concise morning and evening briefings. Surfaces outcomes, opportunities, and decisio...

安全使用建议

This skill appears to do what it claims — aggregate proposals and produce briefings — but review these before enabling it: - Confirm the filesystem read scope: skill.json allows reading ~/openclaw/data/*/intake/. Ask whether it can be limited to the specific skills it needs (e.g., ocas-corvus, ocas-rally) rather than the wildcard that touches every skill's intake. - Self-update inconsistency: the registry lists no required binaries but the skill declares a gh/tar/python3 update mechanism. Verify whether gh/tar/python3 are present and whether automatic self-updates are acceptable; consider disabling auto-update until you review the GitHub source. - Scheduled tasks / cron registration: the skill expects to register cron jobs. Ensure your platform/operator policy allows skills to create scheduled jobs and review what happens if the skill is removed or updated. - Data exposure: the skill writes journals and briefings to local directories (journals/ and briefings/) and creates inline links (calendar/gmail/maps). Make sure those output directories are acceptable destinations for user-facing content and do not leak private IDs to unintended consumers. - Source trust: the SKILL.md references a GitHub repo; if you plan to install, inspect that repository (or require a pinned release) to confirm there is no hidden behavior. Given the broad read permission and self-update inconsistencies, proceed only after narrowing filesystem access and confirming update/install behavior. If you want, I can list the exact paths and manifest lines that are most concerning or draft a permission-limited manifest you could request from the author.

功能分析

Type: OpenClaw Skill Name: ocas-vesper Version: 2.7.0 The skill implements a high-risk self-update mechanism (vesper.update) in SKILL.md and skill.json that uses the GitHub CLI and tar to download and overwrite its own directory with remote content from a hardcoded repository. While this is documented as a feature, the pattern of fetching and executing remote code via a cron job (vesper:update) creates a significant supply chain risk. Additionally, the skill possesses broad read access to sensitive directories containing email threads, financial data, and calendar events to perform its aggregation duties, which increases the impact of the aforementioned update mechanism.

能力评估

ℹ Purpose & Capability

The name/description (daily briefing aggregator) aligns with the instructions to read proposals and assemble briefings. However skill.json declares filesystem read access to ~/openclaw/data/*/intake/ (all skills' intake directories), which is broader than a narrowly scoped aggregator would typically need and could expose unrelated sensitive inputs.

✓ Instruction Scope

SKILL.md explicitly instructs the agent to read other skills' proposal directories, apply filtering, write briefings and journals, and preserve processed IDs. Those actions are coherent with an aggregator. There are no instructions that clearly attempt to exfiltrate data to unknown remote endpoints. It does reference external Calendar/Weather APIs and link formatting, which is expected for briefings.

ℹ Install Mechanism

The skill is instruction-only (no install spec) so there's no immediate download risk. But SKILL.md and README mention a self-update flow (openclaw skill install <github>, and skill.json documents a 'gh CLI + tar + python3' version-checked tarball update). The registry metadata elsewhere lists no required binaries — an inconsistency worth confirming before enabling automatic self-updates.

⚠ Credentials

Declared required env vars: none. But skill.json's filesystem policy (read: ~/openclaw/data/*/intake/) and the SKILL.md's explicit reads from other skills' proposal directories give it wide read access across the agent's skill data. That breadth is larger than strictly necessary to read a small set of proposal files and could surface unrelated sensitive content from other skills. Also self-update claiming gh/tar/python implies dependencies not declared in the lightweight manifest.

ℹ Persistence & Privilege

always:false (normal). The skill requests scheduled tasks (morning/evening/update) and the README describes registering cron jobs on init — that's persistent behavior but appropriate for a briefing service. Confirm whether the platform enforces or approves cron registration; automatic self-updates plus scheduled runs increase blast radius if the skill is later compromised.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install ocas-vesper
安装完成后，直接呼叫该 Skill 的名称或使用 /ocas-vesper 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v2.7.0

ocas-vesper 2.7.0 - Major update: Vesper now reads proposals and data directly from other skills’ directories, not via intake handoff. - Expanded formatting rules—briefings output as plain text/minimal HTML (no markdown), stricter section management, new section header styles, and streamlined weather/markets language. - New ontology: Vesper observes and records entities (person, event, place) in briefing outputs, for use by downstream Chronicle. - Inter-skill integration revised: briefing content and status now rely on cooperative reads from Corvus, Custodian, Dispatch, and Rally; output files go to a new organized briefings directory for Dispatch pickup. - Documentation for run completion, formatting rules, and inter-skill interfaces rewritten and expanded.

v2.3.0

ocas-vesper 2.3.0 - Added initialization routine (`vesper.init`) to set up data directories, default config, and required cron jobs on first use. - Introduced a self-update command (`vesper.update`) and nightly cron job to update the skill from the GitHub source. - Expanded and clarified documentation, including initialization steps, command list, supported trigger phrases, and background task schedules. - Added a public README.md file for better external visibility and onboarding. - Documentation improvements for responsibility boundaries and clearer guidance on use cases and exclusions.

v2.0.0

- Added `references/journal.md` support file describing journal outputs and usage. - Documented new `vesper.journal` command for writing a journal at the end of every run. - Expanded skill boundaries and interfaces: clarified intake from Corvus, output locations, and inter-skill relationships. - Updated storage layout and configuration defaults, including journal output paths. - Added OKRs and linked to universal journaling requirements for consistent run evaluation.

v1.0.0

Initial release of ocas-vesper: concise daily briefing generator. - Aggregates system signals to create actionable morning and evening briefings in natural language. - Surfaces outcomes and opportunities while hiding internal system reasoning and processes. - Supports configurable briefing schedule, section selection, and on-demand or automatic delivery. - Distinct commands for generating briefings, listing pending decision requests, and adjusting configuration. - Strict inclusion/exclusion filtering and conversational formatting rules ensure clarity and relevance.

元数据

Slug ocas-vesper

版本 2.7.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 4

常见问题

Vesper 是什么？

Daily briefing generator. Aggregates signals from across the system into concise morning and evening briefings. Surfaces outcomes, opportunities, and decisio... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 294 次。

如何安装 Vesper？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install ocas-vesper」即可一键安装，无需额外配置。

Vesper 是免费的吗？

是的，Vesper 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Vesper 支持哪些平台？

Vesper 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Vesper？

由 Indigo Karasu（@indigokarasu）开发并维护，当前版本 v2.7.0。