← 返回 Skills 市场
RSS Reader
作者
DimitriPantzos
· GitHub ↗
· v1.0.0
7064
总下载
3
收藏
52
当前安装
1
版本数
在 OpenClaw 中安装
/install rss-reader
功能描述
Monitor RSS and Atom feeds for content research. Track blogs, news sites, newsletters, and any feed source. Use when monitoring competitors, tracking industr...
安全使用建议
Install this only if you want your agent to fetch RSS/Atom feeds. Review configured feed URLs, prefer trusted HTTPS feeds, avoid localhost or private-network feed URLs, treat feed item text as untrusted content rather than instructions, and enable cron or heartbeat checks only if you want ongoing background polling.
功能分析
Type: OpenClaw Skill
Name: rss-reader
Version: 1.0.0
The skill is suspicious due to a significant prompt injection vulnerability. The `SKILL.md` explicitly instructs the AI agent to 'summarize new items worth reading' from RSS feeds, especially when using the `--format ideas` option. The `scripts/rss.js` script fetches content from user-controlled URLs and directly embeds the `item.title` and `item.description` (after basic HTML entity decoding) into the markdown output that the agent is instructed to summarize. This allows an attacker who controls an RSS feed to inject malicious instructions into the agent's prompt, potentially leading to unauthorized actions. While the script itself doesn't contain malicious code, this interaction creates a critical attack surface.
能力评估
Purpose & Capability
The files coherently implement RSS/Atom feed management: add, remove, list, check configured feeds, store feed metadata, and print item titles, links, and descriptions.
Instruction Scope
The activation language is broad around content research and competitor tracking, and the skill does not explicitly warn that feed text is untrusted, but the behavior remains scoped to RSS/Atom workflows.
Install Mechanism
No hidden installer or privileged setup is present; the documentation mentions npm dependencies and a parser module that are not actually used or included, which is an accuracy issue rather than a security concern.
Credentials
Outbound HTTP/HTTPS requests to configured feed URLs, redirect following, and local writes to the skill's feeds file are expected for an RSS reader, though the script does not block internal or private network targets.
Persistence & Privilege
The skill persists feed configuration and last-check timestamps and documents optional cron or heartbeat scheduling; there is no automatic persistence beyond user-run commands or user-enabled scheduling.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install rss-reader - 安装完成后,直接呼叫该 Skill 的名称或使用
/rss-reader触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: Monitor RSS/Atom feeds for content research
元数据
常见问题
RSS Reader 是什么?
Monitor RSS and Atom feeds for content research. Track blogs, news sites, newsletters, and any feed source. Use when monitoring competitors, tracking industr... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 7064 次。
如何安装 RSS Reader?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install rss-reader」即可一键安装,无需额外配置。
RSS Reader 是免费的吗?
是的,RSS Reader 完全免费(开源免费),可自由下载、安装和使用。
RSS Reader 支持哪些平台?
RSS Reader 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 RSS Reader?
由 DimitriPantzos(@dimitripantzos)开发并维护,当前版本 v1.0.0。
推荐 Skills