← 返回 Skills 市场
1667
总下载
1
收藏
7
当前安装
6
版本数
在 OpenClaw 中安装
/install topic-to-article-kit
功能描述
Turn a chosen AI topic into a public-account writing package: collect evidence from X/Twitter and other sources, extract high-value comments, and produce title options + structured outline written into Obsidian. Use when user asks for topic-based research and article prep.
安全使用建议
This skill appears to do what it says (collect web evidence and write Obsidian notes) but its instructions require direct writes to your real Obsidian vault and browser control while the metadata declares no filesystem/config permissions. Before installing or invoking it, consider: 1) Ask the skill author (or require the agent) to prompt you for the exact absolute vault path on every run rather than using a default. 2) Require an explicit user confirmation before any file write, and request a preview of proposed file names/contents. 3) Run it first in a sandbox or against a workspace mirror copy of your vault to confirm behavior and avoid accidental overwrites. 4) Back up your Obsidian vault before use. 5) If you don't want the agent to control your real browser, restrict it to a browser automation environment or disable autonomous invocation. 6) If possible, require the skill to declare any config paths or tools it needs (e.g., browser automation hooks) so you can reason about permissions. These steps reduce the risk of accidental data writes or unintended data exposure.
功能分析
Type: OpenClaw Skill
Name: topic-to-article-kit
Version: 1.0.5
The skill bundle instructs the AI agent to perform web scraping and write files directly to the user's local Obsidian vault using an "absolute path under user's real vault," as specified in `SKILL.md`. While the stated purpose of creating research notes and outlines is benign, the instruction to bypass potential workspace sandboxing and write to an absolute path on the user's file system represents a high-risk capability. This could be exploited as an arbitrary file write vulnerability if the agent's path resolution or file system access controls are flawed, even though the skill itself does not demonstrate explicit malicious intent like data exfiltration or backdoor installation.
能力评估
Purpose & Capability
The declared purpose (collect web evidence and produce Obsidian notes) matches the behavior in SKILL.md, however the skill instructs the agent to write directly into the user's real Obsidian vault using absolute paths and to verify files there. The metadata did not declare any required config paths, permissions, or environment variables to justify direct filesystem access. Requesting write/read access to arbitrary user vault paths is a disproportionate capability relative to the simple research/outline purpose without explicit permission or path declaration.
Instruction Scope
SKILL.md explicitly tells the agent to: (a) collect evidence from web sources (x.com, HN, TechCrunch, GitHub), (b) extract high-value comments, (c) control browser tabs (open/close, limit to 7), and (d) Always write to the real Obsidian Vault visible directory (absolute path) and verify files exist there. These file-system and browser-control instructions go beyond content generation and require runtime access to the user's filesystem and browser tooling. The directive to always write to the user's real vault (never the workspace mirror) is particularly risky and is not constrained or clarified.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so there is no installation risk. Nothing will be written to disk by an installer, but the runtime instructions themselves request filesystem writes.
Credentials
The skill declares no required env vars or config paths, yet its instructions require writing to and verifying files in the user's Obsidian vault (absolute paths). That is a mismatch: either the skill should declare the config path permission or request explicit path input from the user. Also, controlling the browser implies use of tooling that may have access to session data; none of this is reflected in the declared requirements.
Persistence & Privilege
always is false (good), and autonomous invocation is allowed by default. But combined with instructions to access the user's filesystem and control browser tabs, autonomous invocation increases the blast radius: the agent could autonomously read/write files and browse sites unless the platform enforces prompts. The skill does not request or document safeguards like explicit user confirmation before file writes.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install topic-to-article-kit - 安装完成后,直接呼叫该 Skill 的名称或使用
/topic-to-article-kit触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.5
Fix YAML frontmatter parsing (quote description).
v1.0.4
Enforce real Obsidian visible absolute path writes, verify file existence before completion, and return only visible relative paths.
v1.0.3
Enforce real Obsidian visible path and prioritize official x.com sources for topic research before other search sources.
v1.0.2
Fix Obsidian write path: enforce writing to real vault path first; keep minimal two-file article structure and tab cleanup policy.
v1.0.1
Add browser tab control policy: max 7 tabs, close finished tabs continuously, end run with 0 temporary tabs.
v1.0.0
Initial release: topic-driven公众号写作流程,含X/多源采集、评论摘录、资料包与大纲落盘到Obsidian。
元数据
常见问题
Topic to Article Kit 是什么?
Turn a chosen AI topic into a public-account writing package: collect evidence from X/Twitter and other sources, extract high-value comments, and produce title options + structured outline written into Obsidian. Use when user asks for topic-based research and article prep. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1667 次。
如何安装 Topic to Article Kit?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install topic-to-article-kit」即可一键安装,无需额外配置。
Topic to Article Kit 是免费的吗?
是的,Topic to Article Kit 完全免费(开源免费),可自由下载、安装和使用。
Topic to Article Kit 支持哪些平台?
Topic to Article Kit 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Topic to Article Kit?
由 rotbit(@rotbit)开发并维护,当前版本 v1.0.5。
推荐 Skills