Total downloads: 448
Favorites: 0
Current installs: 0
Versions: 2
Install in OpenClaw
/install skills-weekly
Description
OpenClaw Skills Weekly — tracks trending ClawHub skills, generates GitHubAwesome-style YouTube video scripts with two-track ranking (Movers + Rockets).
Security usage recommendations
This skill appears to do exactly what it says: fetch public ClawHub data, record snapshots to a local SQLite DB, optionally fetch READMEs, compute rankings, and call Claude (Anthropic) to generate scripts. Before installing or running it:
1) inspect requirements.txt to ensure no unexpected packages are installed;
2) keep your ANTHROPIC_API_KEY secret and provide it only if you want LLM script generation (without it the pipeline skips the LLM step);
3) set SKILLS_WEEKLY_DATA and HOST_OUTPUT_DIR if you want to control where the DB and reports are stored (the default can write to a host mount if present);
4) if you don't want social capture, run with --skip-x or omit XAI_API_KEY;
5) consider running in an isolated container or VM, and run the pipeline in snapshot-only mode first to observe its behavior before enabling network-intensive modes.
If you want extra assurance, review script_generator.py to confirm that the Anthropic client uses the expected API endpoints and that no unexpected remote endpoints are contacted.
Functional analysis
Type: OpenClaw Skill
Name: skills-weekly
Version: 1.1.0
The skill is classified as suspicious primarily due to a critical prompt injection vulnerability identified in `SKILL.md`. The instructions for the agent to execute `python3 run_weekly.py` directly embed user-provided input (`${EPISODE_NUM}`) into a shell command, creating a clear remote code execution risk. Additionally, `run_weekly.py` uses `subprocess.run` to execute `docker cp` commands, copying the skill's database from a Docker container to the host. While intended for legitimate data retrieval, this is a powerful and sensitive capability that could be abused if the agent were compromised, further contributing to the suspicious classification.
Capability assessment
Purpose & Capability
Name/description match the implementation: the code fetches ClawHub API pages, stores snapshots, computes velocity, harvests READMEs, and uses an LLM (Anthropic) for script generation. Required binary (python3) and required env var (ANTHROPIC_API_KEY) align with the described functionality. Optional env vars (GITHUB_TOKEN, XAI_API_KEY, CLAWHUB_BASE_URL) are also justified by their stated uses.
Instruction Scope
SKILL.md instructs installing requirements and running the pipeline (discovery → snapshot → rank → harvest → script). It also documents a 'community' mode that uses web searches and an X/Twitter capture step — this expands network access but is consistent with the stated community-signal feature. The pipeline writes local files (SQLite DB, markdown, script text). No instructions request unrelated system secrets or broad file-system scraping. Note: the CLI suggests running docker exec for scheduled runs, which is normal for automation but will run the same code inside the gateway/container.
Install Mechanism
There is no formal install spec (instruction-only skill) and files are pure Python. The SKILL.md asks to run pip install -r requirements.txt; installing third‑party Python packages is expected but always worth reviewing. No downloads from suspicious URLs or archive extraction are present in the manifest.
Credentials
Only one required environment variable is declared (ANTHROPIC_API_KEY), which is appropriate for the LLM script-generation step. Other environment variables are optional and have clear justifications (GITHUB_TOKEN for fetching READMEs, XAI_API_KEY for optional X capture, CLAWHUB_BASE_URL for testing). No unrelated cloud or system credentials are required.
Persistence & Privilege
always:false (normal). The skill creates and writes to a local SQLite DB and a workspace data directory; it also can write to a host mount path (/mnt/host/skills-weekly) if available or when HOST_OUTPUT_DIR is set. This is consistent with a reporting pipeline but you should be aware it persists data to disk and may expose outputs to host mounts if the container is mounted.
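How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install skills-weekly
- After installation, call the Skill by name or use /skills-weekly to trigger it
- Provide the required input according to the Skill's parameter description to get structured output
Version history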
v1.1.0
Container DB bridge for real 7-day deltas + GitHubAwesome script style (few-shot, 30-50 words, sardonic hooks)
v1.0.0
Initial release: ClawHub trending skills tracker + GitHubAwesome video scripts
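Metadata
FAQ
What is OpenClaw Skills Weekly?
OpenClaw Skills Weekly — tracks trending ClawHub skills, generates GitHubAwesome-style YouTube video scripts with two-track ranking (Movers + Rockets). It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 448 cumulative downloads to date.
How do I install OpenClaw Skills Weekly?
Run the command "/install skills-weekly" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration required.
Is OpenClaw Skills Weekly free?
Yes, OpenClaw Skills Weekly is completely free (free and open source) and can be freely downloaded, installed and used.
Which platforms does OpenClaw Skills Weekly support?
OpenClaw Skills Weekly is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed OpenClaw Skills Weekly?
It is developed and maintained by ademczuk (@ademczuk); the current version is v1.1.0.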