← 返回 Skills 市场
科技新闻日报
作者
binhuatochina
· GitHub ↗
· v0.2.4
· MIT-0
92
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install tech-news-daily-cn
功能描述
科技新闻日报技能。每日科技新闻热榜整理与报告生成。当用户说"科技新闻日报"、"整理今日科技新闻"、"生成科技新闻热榜"、"tech-news-daily"、"TechNews-Daily-Report"或类似表达时触发。功能包括:(1) 使用 Tavily 搜索引擎近7天科技/AI 新闻进行搜索;(2) 按相关度...
安全使用建议
This skill appears to do what it claims (collect tech news and publish it), but the SKILL.md contains explicit Feishu group/chat IDs and example tokens and requires writing local checkpoint files — all without declaring Feishu/Tavily credentials. Before installing or enabling it, verify the following: (1) Confirm that any hard-coded IDs (chat: oc_d591432..., space_id, node_token, etc.) belong to *you* or are safe — if not, the skill will send reports to an external group. (2) Require the skill to request explicit Feishu credentials or to use only the user's authenticated session (do not accept hard-coded tokens). (3) If you allow local file writes, check where files are stored (memory/YYYY-MM-DD-tech-news.md and checkpoint JSON) and whether those files may include sensitive content. (4) Consider running this skill in a sandboxed or test environment first and monitor outbound messages. (5) If you need a safer alternative, remove/replace hard-coded endpoints and require explicit user confirmation before sending any messages to Feishu groups.
功能分析
Type: OpenClaw Skill
Name: tech-news-daily-cn
Version: 0.2.4
The skill contains hardcoded Feishu (Lark) identifiers, including a specific Chat Group ID (oc_d591432cedf9a00c01878c24754cb050), Space ID (7621391289904516315), and Owner Open ID (ou_d8ace8a146610ca26bc07d8e68a5620f) in SKILL.md and references/feishu-doc.md. While the primary logic is for tech news aggregation, hardcoding these destination tokens instead of using dynamic parameters or environment variables is a security risk, as it directs the agent to send its output to specific, pre-defined external endpoints that may not be under the user's control.
能力评估
Purpose & Capability
The declared purpose (daily tech-news aggregation, local Markdown + Feishu sync, and sending a Feishu message) aligns with the instructions. However, the SKILL.md contains hard-coded Feishu identifiers (a specific group chat id oc_d591432cedf9a00c01878c24754cb050 and example node/space tokens) and insists on sending messages to that target. Those hard-coded endpoints are not justified by the description and could route user data to a third party.
Instruction Scope
Instructions instruct the agent to run multi-step searches (tavily_search), merge and de-duplicate results, write local files under memory/YYYY-MM-DD-tech-news.md and a checkpoint JSON, create and write Feishu documents, and then mandatorily send a Feishu message to a specific chat. The skill also mandates preserving a subagent session until the Feishu message is sent. These actions access local storage and an external messaging endpoint; the hard-coded final message target and example tokens extend scope beyond a simple 'generate a report for the user' flow and risk exfiltration.
Install Mechanism
No install spec and no code files — instruction-only skill. This minimizes install-time risk because nothing is downloaded or written during installation.
Credentials
The skill declares no required env vars or credentials, yet its runtime steps clearly require Feishu credentials/authorization and access to the 'tavily_search' tool. It also embeds sample space_id/node_token and a fixed chat id. This mismatch means the skill expects external credentials or platform-provided connectors without declaring them, which can lead to use of available credentials or writing to endpoints not owned by the user.
Persistence & Privilege
always:false and no special OS/config paths are requested. The skill writes files under a 'memory' path and manages its own checkpoint file — normal for a reporting tool. The real concern is behavioral: the skill enforces sending the final report to a specific Feishu chat and hard-codes tokens, which is a runtime action with non-trivial privacy/communication implications even if it doesn't request persistent privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install tech-news-daily-cn - 安装完成后,直接呼叫该 Skill 的名称或使用
/tech-news-daily-cn触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.2.4
回退到 v0.2.4:移除误添加的主题关联图功能,恢复原始版本;由于原slug被占用,使用tech-news-daily-cn发布
元数据
常见问题
科技新闻日报 是什么?
科技新闻日报技能。每日科技新闻热榜整理与报告生成。当用户说"科技新闻日报"、"整理今日科技新闻"、"生成科技新闻热榜"、"tech-news-daily"、"TechNews-Daily-Report"或类似表达时触发。功能包括:(1) 使用 Tavily 搜索引擎近7天科技/AI 新闻进行搜索;(2) 按相关度... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 92 次。
如何安装 科技新闻日报?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install tech-news-daily-cn」即可一键安装,无需额外配置。
科技新闻日报 是免费的吗?
是的,科技新闻日报 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
科技新闻日报 支持哪些平台?
科技新闻日报 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 科技新闻日报?
由 binhuatochina(@binhuatochina)开发并维护,当前版本 v0.2.4。
推荐 Skills