← 返回 Skills 市场
juniarto-samsudin

tech-news-bulletin

作者 juniarto-samsudin · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
101
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install tech-news-bulletin
功能描述
Collect latest technology and AI news from RSS feeds AND the TLDR.tech AI newsletter, merge them into a unified daily digest, and send via email.
安全使用建议
Before installing or running this skill, consider the following: - Do not run it unmodified. The shipped script contains a hardcoded list of recipient emails; if you run it as-is the digest will be emailed to those addresses. Replace or remove EMAIL_ADDRESSES before use. - The registry metadata omitted required env vars, but SKILL.md and the script expect SMTP_EMAIL and SMTP_PASSWORD. Ensure you set an appropriate SMTP account with limited permissions (use an app-specific password or a dedicated sending account) and never reuse a high-privilege credential. - The summarization request is POSTed to a hardcoded internal IP (http://172.20.86.203:11434). That endpoint will receive the article text (up to the truncated length the script sends). If you don't control/recognize that host, do not run the summarization or change the code to point to a trusted model endpoint or disable remote summarization. - The script logs to /tmp/openclaw-debug.log and SKILL.md suggests running a command at a hardcoded home path (/home/juniarto/...). Update paths to your environment to avoid accidental disclosure of your filesystem layout or relying on author-specific paths. - Audit the code paths that fetch pages (tldr.tech, RSS feeds) and the summarizer call, and consider running the script in an isolated environment (container or VM) until you are comfortable with its behavior. - If you need this functionality but want to minimize risk: remove the hardcoded recipients, make the Ollama endpoint configurable via environment variables (and default to disabled), and verify the SMTP usage with a disposable sending account. Given the hardcoded recipients and the non-configurable internal summarization endpoint, treat this skill as potentially leaking content unless you explicitly review and modify those parts.
功能分析
Type: OpenClaw Skill Name: tech-news-bulletin Version: 1.0.0 The skill contains hardcoded recipient email addresses belonging to a specific organization (a-star.edu.sg) and a hardcoded internal IP address (172.20.86.203) for the Ollama summarization service in scripts/bulletin.py. Although the SKILL.md documentation notes that these should be customized, the default configuration poses a data leakage risk by sending news digests to the hardcoded addresses and relies on a non-public network resource. This behavior suggests an improperly sanitized internal tool that could lead to unintended information disclosure if executed without modification.
能力评估
Purpose & Capability
The name/description align with the code: it fetches RSS and TLDR pages, merges/deduplicates, summarizes, and sends an HTML email. However there is a clear metadata mismatch: the registry metadata listed no required env vars, while SKILL.md (and the script) require SMTP credentials (SMTP_EMAIL/SMTP_PASSWORD). Also the script hardcodes a list of recipient email addresses, which is not justified by the generic 'send via email' description and may indicate the publisher intended to send digests to specific third-party recipients.
Instruction Scope
SKILL.md instructs running a script at a hardcoded user path (/home/juniarto/.openclaw/...), tails /tmp/openclaw-debug.log, and suggests a cron job payload. The code itself fetches external URLs (RSS feeds, tldr.tech) and posts article text to an Ollama generation endpoint at a hardcoded internal IP (http://172.20.86.203:11434). The instructions and code also require editing the script to customize EMAIL_ADDRESSES, but the shipped default contains organization-specific emails — meaning if a user runs this without editing, content will be emailed to those addresses. All of the above extend the skill's scope into network communications and potential data transmission beyond the user's control.
Install Mechanism
This is an instruction-only skill with no install spec; the SKILL.md asks the user to pip install a small handful of Python packages (feedparser, requests, beautifulsoup4). That is proportionate to the described functionality and is lower risk than downloading/executing arbitrary archives.
Credentials
Sending email legitimately needs SMTP credentials, and SKILL.md/installation instructions require SMTP_EMAIL and SMTP_PASSWORD. But the registry metadata did not declare these env vars, creating an inconsistency. Additionally, the script does not require any other credentials but will send content to a hardcoded recipient list (organization emails) and send article text to a hardcoded Ollama endpoint on a private IP — both of which could leak content. The use of an internal IP for summarization is not explained or configurable through environment variables, reducing user control over where content is sent.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. The cron example is user-supplied and not automatically installed by the skill. The script writes logs to /tmp/openclaw-debug.log (expected for debugging) but does not appear to change other skills' configs or request persistent platform-level privileges.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install tech-news-bulletin
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /tech-news-bulletin 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of tech-news-bulletin skill: - Collects latest technology and AI news from selected RSS feeds and the TLDR.tech AI newsletter. - Merges, deduplicates, and summarizes articles, generating a daily HTML email digest. - Supports per-article source badges (RSS feed name or "TLDR AI") and strips sponsor content from TLDR. - Sends digest via SMTP to configured email addresses. - Provides configurable sources, email recipients, digest length, and supports direct or scheduled (cron) execution.
元数据
Slug tech-news-bulletin
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

tech-news-bulletin 是什么?

Collect latest technology and AI news from RSS feeds AND the TLDR.tech AI newsletter, merge them into a unified daily digest, and send via email. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 101 次。

如何安装 tech-news-bulletin?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install tech-news-bulletin」即可一键安装,无需额外配置。

tech-news-bulletin 是免费的吗?

是的,tech-news-bulletin 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

tech-news-bulletin 支持哪些平台?

tech-news-bulletin 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 tech-news-bulletin?

由 juniarto-samsudin(@juniarto-samsudin)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 留言讨论