← 返回 Skills 市场
199
总下载
1
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install spotify-news-digest
功能描述
Scrape and summarize Spotify-related news from multiple sources (Spotify official blogs, engineering/research/newsroom, TechCrunch, The Verge, Music Business...
安全使用建议
This skill appears coherent for aggregating public Spotify news. Before installing: (1) review and optionally tighten config/sources.json and ALLOWED_DDG_DOMAINS to avoid accidental internal-host hits; (2) install dependencies into an isolated environment (virtualenv/container) and audit PyPI packages listed in requirements.txt; (3) if you plan to schedule it, run it in a network-isolated container or VM and confirm the cron/job delivery target (so digests aren't sent to unintended recipients); (4) if you operate on a restricted network, be cautious — the skill makes outbound HTTP requests to public news sites and DuckDuckGo/Algolia and should not be given access to internal-only hosts.
功能分析
Type: OpenClaw Skill
Name: spotify-news-digest
Version: 1.0.1
The spotify-news-digest skill is a legitimate news aggregator that collects and summarizes Spotify-related updates from official and media sources. The code demonstrates good security practices, including an explicit domain allowlist (ALLOWED_DDG_DOMAINS in fetch_spotify_news.py) to mitigate SSRF risks from search results and enforced TLS verification for all network requests. No evidence of malicious intent, data exfiltration, or prompt injection was found; the logic is transparent and aligns perfectly with the stated purpose.
能力评估
Purpose & Capability
Name/description match the implementation: scripts fetch RSS, Hacker News (Algolia) and DuckDuckGo News results, deduplicate/score items, and render a Chinese digest. Declared dependencies (feedparser, beautifulsoup4, requests, ddgs) are appropriate for web scraping and parsing.
Instruction Scope
SKILL.md instructions stay within scope: fetch sources from config/sources.json, run generate_digest.py, and optionally have an LLM produce zh_summary fields. It warns about running in environments with internal network access. There are no instructions to read unrelated system files, environment secrets, or to send data to unexpected external endpoints.
Install Mechanism
This is instruction+code only (no install spec). A requirements.txt lists PyPI packages; the package sources are standard (PyPI libraries). There is no download-from-arbitrary-URL or archive extraction. Users should still pip-audit dependencies before installing in sensitive environments.
Credentials
The skill requires no environment variables, no credentials, and no config paths beyond its own config/sources.json. Network access is necessary for its stated purpose; no unrelated secrets or credentials are requested.
Persistence & Privilege
The skill does not set always:true and does not request elevated or permanent platform-wide privileges. SKILL.md mentions optional scheduling; the guidance to confirm delivery target is appropriate. Autonomous invocation defaults are unchanged (normal).
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install spotify-news-digest - 安装完成后,直接呼叫该 Skill 的名称或使用
/spotify-news-digest触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
**Security-focused release: Now enforces strict domain allowlists and improved safety for news fetching.**
- Enforces TLS verification on all HTTP requests for news fetching.
- Introduces a strict domain allowlist (`ALLOWED_DDG_DOMAINS`) for all DuckDuckGo news search results; only results from approved public news domains are accepted.
- Updates documentation with prominent security notes, including advice for safe scheduling and isolating the skill from internal networks and services.
- Requires auditing of pip dependencies before installation in sensitive or production environments.
- No changes to the news gathering features or API; security improvements and documentation clarification only.
v1.0.0
- Initial release of the spotify-news-digest skill.
- Added a SKILL.md template with guidance for documenting capabilities, structure options, and example content patterns.
- No functional code or specific features included yet; document focuses on instructions for structuring and developing the skill.
元数据
常见问题
spotify-news-digest 是什么?
Scrape and summarize Spotify-related news from multiple sources (Spotify official blogs, engineering/research/newsroom, TechCrunch, The Verge, Music Business... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 199 次。
如何安装 spotify-news-digest?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install spotify-news-digest」即可一键安装,无需额外配置。
spotify-news-digest 是免费的吗?
是的,spotify-news-digest 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
spotify-news-digest 支持哪些平台?
spotify-news-digest 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 spotify-news-digest?
由 Bill Xia(@ibillxia)开发并维护,当前版本 v1.0.1。
推荐 Skills