← 返回 Skills 市场
ppopen

Podcast Manager

作者 pp · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ 安全检测通过
288
总下载
1
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install podcast-manager
功能描述
Find, subscribe to, track, and summarize podcast episodes using public RSS feeds and lightweight local tracking files. Use when a user asks to add/manage pod...
安全使用建议
This skill appears to do what it says: fetch public RSS/Atom feeds, summarize episodes, and store minimal local tracking files. Things to consider before installing or enabling it for autonomous use: - Review the bundled scripts (scripts/feed_probe.py) and, if possible, run them in a sandbox before giving the agent network access. The script includes several good protections (size limit, blocking DOCTYPE/ENTITY, DNS-based private-IP checks), but it performs DNS resolution once before the HTTP request and does not re-validate the final IP after redirects. A malicious or misconfigured feed server could issue a redirect to a private/internal address, potentially enabling SSRF. Ask the maintainer to either block redirects or validate the final resolved IP after redirects. - The skill will fetch arbitrary HTTP/HTTPS URLs and create files under memory/podcasts. If you run agents in an environment with sensitive internal services, consider restricting outbound network access or running the agent in a network-isolated environment. - Because the skill writes local files, back up any important data you keep under the memory directory and ensure file permissions are appropriate. - If you need stronger guarantees, request or implement an additional check that validates the final request target (post-redirect) and/or enforces no-redirect behavior when probing feeds. Overall the package is coherent and minimal, but review the redirect/SSRF edge case and run the bundled probe in a controlled environment if you have sensitive internal resources.
功能分析
Type: OpenClaw Skill Name: podcast-manager Version: 1.0.0 The podcast-manager skill is well-implemented and includes proactive security measures. The 'scripts/feed_probe.py' utility features robust SSRF mitigation by validating resolved IP addresses against private and loopback ranges, and it protects against XXE and resource exhaustion by checking for suspicious XML patterns and enforcing a 5MB response limit. The 'SKILL.md' instructions are strictly aligned with the stated purpose and include explicit safety guidelines to prevent unauthorized actions or data exposure.
能力评估
Purpose & Capability
Name and description (subscribe, track, summarize podcasts via public RSS) match the included instructions and the feed_probe helper. No unrelated environment variables, binaries, or config paths are requested.
Instruction Scope
SKILL.md restricts behavior to discovering/parsing public feeds and persisting local files under memory/podcasts; it warns against auto-subscribing and exposing private local paths. The included feed_probe.py implements safe parsing, size limits, and blocks private IP ranges. However, the probe resolves DNS before fetching and does not re-check the network location after redirects, which could allow a server to redirect to an internal address (redirect-based SSRF / TOCTOU). The SKILL.md does not explicitly require using the bundled script, so runtime behavior depends on how the agent is implemented.
Install Mechanism
No install spec; this is an instruction-only skill with a small bundled Python utility. Nothing is downloaded from external URLs during install and no system-wide changes are requested.
Credentials
No environment variables, credentials, or config paths are required. The skill operates on public feeds and local workspace files only, which is proportionate to its stated function.
Persistence & Privilege
always is false and the skill only writes/reads its own workspace files (memory/podcasts). It does not request persistent platform privileges or claim to modify other skills' configs.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install podcast-manager
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /podcast-manager 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release with hardened feed probe and DD-reviewed safety controls
元数据
Slug podcast-manager
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Podcast Manager 是什么?

Find, subscribe to, track, and summarize podcast episodes using public RSS feeds and lightweight local tracking files. Use when a user asks to add/manage pod... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 288 次。

如何安装 Podcast Manager?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install podcast-manager」即可一键安装,无需额外配置。

Podcast Manager 是免费的吗?

是的,Podcast Manager 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Podcast Manager 支持哪些平台?

Podcast Manager 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Podcast Manager?

由 pp(@ppopen)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论