
Tech News Daily Report (科技新闻日报)

Author: binhuatochina · GitHub · v0.3.1 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 143
Favorites: 0
Current installs: 0
Versions: 6
Install in OpenClaw
/install technews-daily-report
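Description
Tech news daily report skill. Compiles a daily ranking of trending tech news and generates a report. Triggered when the user says "科技新闻日报" ("tech news daily report"), "整理今日科技新闻" ("compile today's tech news"), "生成科技新闻热榜" ("generate the tech news hot list"), "tech-news-daily", "TechNews-Daily-Report", or a similar phrase. Features include: (1) searching tech/AI news from the past 7 days with the Tavily search engine; (2) by relevance...
Safe-use recommendations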
Do not install blindly. Questions and checks before proceeding:
  1. Ask the author why no Feishu/Tavily credentials are declared — the skill must explain how it authenticates.
  2. Demand that the Feishu target(s) be configurable (not a hard-coded chat ID) or removed; confirm who controls chat:oc_d591432cedf9a00c01878c24754cb050.
  3. Verify what 'memory/' maps to on your system and inspect files it creates; run in a sandbox first.
  4. If you still test it, deny or carefully scope Feishu permissions (use a test account/space) so reports cannot be sent to unknown external groups.
  5. If you need this skill, require it to request explicit credentials and allow the user to choose the destination; otherwise treat it as untrusted.
If you want, request the author to provide a version that: (a) declares required env vars for Feishu/Tavily, (b) removes hard-coded chat IDs/tokens, and (c) makes sending to external groups optional and user-confirmed.
Functional analysis
Type: OpenClaw Skill
Name: technews-daily-report
Version: 0.3.1
The skill aggregates tech news and sends reports to Feishu (Lark). It is classified as suspicious because it contains hardcoded destination identifiers, specifically a Feishu Chat ID (oc_d591432cedf9a00c01878c24754cb050) and a User Open ID (ou_d8ace8a146610ca26bc07d8e68a5620f) in SKILL.md and references/feishu-doc.md. These instructions direct the agent to send the generated reports to a pre-defined external target rather than a user-configured one. While the data being sent is public news, hardcoding delivery endpoints is a high-risk pattern that could be used for data exfiltration.
Capability assessment
Purpose & Capability
The SKILL.md describes using Tavily search and Feishu API operations (create/write docs, send messages). However the skill metadata lists no required environment variables or primary credential. Calling Feishu/Tavily normally requires auth tokens/keys; the absence of declared credentials is incoherent. Also references contain hard-coded space_id/node_token and an owner_open_id example, which indicates the skill expects privileged Feishu access even though no credentials are requested.
Instruction Scope
Instructions go beyond read-only aggregation: they write local files under memory/YYYY-MM-DD-tech-news.md and a checkpoint JSON, create Feishu docs, and must send a message to a Feishu group. Critically, the SKILL.md mandates sending the report to a specific hard-coded chat target (chat:oc_d591432cedf9a00c01878c24754cb050) and forbids ending the sub-session before that send. That fixed recipient behavior could exfiltrate collected content to an external group unrelated to the user. The workflow also instructs spawning a subagent and saving checkpoints — legitimate for long tasks, but combined with the hard-coded target and forced send, it increases risk.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so there is no installer or downloaded binary to analyze. That reduces the surface for arbitrary code being installed on disk.
Credentials
The skill requires invoking Tavily and Feishu tools but declares no environment variables or credentials. That is disproportionate: Feishu operations should require user-specific API tokens or OAuth context. Additionally, the references file embeds example space_id, node_token and personal homepage tokens — these act like identities/targets, but the skill did not request the corresponding secrets, which is inconsistent and suspicious.
Persistence & Privilege
The skill writes local files (memory/YYYY-MM-DD-tech-news.md) and checkpoint JSONs under memory/ and relies on those across retries; this is expected for a reporting task. The skill does not request always:true and does not modify other skills. However, the forced requirement to send a message to a specific Feishu chat at the end of the sub-session increases the blast radius of any accidental or malicious data aggregation.
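How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install technews-daily-report
  3. Once installed, invoke the Skill by name or trigger it with /technews-daily-report
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history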
v0.3.1
Fixed a release error: removed the topic-relation graph that was added by mistake and restored the original v0.2.4 functionality
v0.2.2
Summary: Enhanced semantic deduplication for news aggregation.
- Added detailed, two-step deduplication process: exact URL deduplication followed by core-facts (subject + action + object) semantic deduplication.
- Only news reports offering unique value (independent reporting or new analysis angle) on the same core event are retained; otherwise, the most authoritative source is kept.
- Deduplication is now performed after merging all search results and before scoring/classification.
- Updated workflow and documentation to clarify deduplication logic and required order of processing.
- Bumped version to 0.2.2 and added explicit versioning to documentation.
v0.2.1
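Recommended to run in a sub-session
v0.2.0
Expanded the search range from the current day to the past 7 days; added recency filtering logic
v0.1.1
Initial release: fetches Chinese and English tech/AI news in parallel via the Tavily search engine, then evaluates and archives it
v0.1.0
Initial release: fetches Chinese and English tech/AI news in parallel via the Tavily search engine, then evaluates and archives it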
Metadata
Slug: technews-daily-report
Version: 0.3.1
License: MIT-0
Total installs: 0
Current installs: 0
Number of versions: 6
FAQ

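What is Tech News Daily Report?

Tech news daily report skill. Compiles a daily ranking of trending tech news and generates a report. Triggered when the user says "科技新闻日报" ("tech news daily report"), "整理今日科技新闻" ("compile today's tech news"), "生成科技新闻热榜" ("generate the tech news hot list"), "tech-news-daily", "TechNews-Daily-Report", or a similar phrase. Features include: (1) searching tech/AI news from the past 7 days with the Tavily search engine; (2) by relevance... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 143 total downloads to date.

How do I install Tech News Daily Report?

Run the command "/install technews-daily-report" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is needed.

Is Tech News Daily Report free?

Yes, Tech News Daily Report is completely free and is released under the MIT-0 license; it can be freely downloaded, installed and used.

Which platforms does Tech News Daily Report support?

Tech News Daily Report runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Tech News Daily Report?

Developed and maintained by binhuatochina (@binhuatochina); the current version is v0.3.1.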
