← 返回 Skills 市场
minglu6

v2ex-monitor

作者 minglu6 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
330
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install v2ex-monitor
功能描述
监控指定 V2EX 节点的新帖与提醒,生成 Markdown 汇总报告,支持 MCP 查询和定时拉取数据。
安全使用建议
This skill appears to implement exactly what it claims (monitor V2EX nodes, fetch notifications, generate Markdown reports, and expose MCP tools) and it only needs a V2EX API key stored in a local config file. However, before installing or running it: 1) Review and fix the code that disables TLS verification (search for ssl.CERT_NONE and ctx.check_hostname=False) — enable proper certificate validation to avoid MITM exposure of your API key and data. 2) Inspect and fix the obvious code issues (incomplete identifiers like load_con and _n) and run the scripts in a sandbox to confirm behavior. 3) Keep your V2EX API key private (the skill stores it in a local JSON file in the skill directory). 4) If you plan to let agents invoke the MCP interface automatically, be aware that any agent or integration that can call the MCP tools will be able to use your configured API key; only enable MCP/stdio for trusted agents. If you want, I can point to the exact lines that disable SSL verification and suggest secure replacements.
功能分析
Type: OpenClaw Skill Name: v2ex-monitor Version: 1.0.0 The V2EX Monitor skill bundle contains a significant security vulnerability where SSL certificate verification is explicitly disabled in both `v2ex_mcp.py` and `v2ex_monitor.py` (`ssl.CERT_NONE`). This high-risk behavior exposes users to Man-in-the-Middle (MITM) attacks when communicating with the V2EX API. While the code's logic aligns with its stated purpose of forum monitoring and lacks clear evidence of intentional malice or data exfiltration to third-party domains, the deliberate bypass of standard security protocols warrants a suspicious classification.
能力评估
Purpose & Capability
Name, description, SKILL.md, and the provided scripts consistently implement V2EX node monitoring, notification fetching, report generation, and an MCP toolset. Required capabilities (API key stored in a config file) are proportional to the stated purpose.
Instruction Scope
Runtime instructions stick to the stated task (configure API key, run monitor, start MCP). The skill reads/writes local files inside its skills directory (config and seen_* files) and only calls the declared V2EX API endpoints. However, the runtime code disables SSL certificate verification for HTTP requests in multiple places which expands the attack surface (MITM risk) and is not warranted by the stated purpose.
Install Mechanism
No install script; instruction-only install guidance and requirements.txt are provided. Dependencies (urllib3, requests, mcp, pydantic) are sensible for the functionality. No downloads from untrusted URLs or archive extraction.
Credentials
The skill does not request environment variables or unrelated credentials. It requires a V2EX API key, stored in a local JSON config file—this is appropriate and minimal for the functionality.
Persistence & Privilege
always is false and the skill only writes files under its own directory (config and seen_* data). It does not request global agent configuration or other skills' credentials. Autonomous invocation is enabled by default but not excessive here.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install v2ex-monitor
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /v2ex-monitor 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
V2EX Monitor Skill 1.0.0 — First release - Monitor specified V2EX nodes for new posts and notifications. - Generates Markdown summary reports and saves tracking data to avoid duplicates. - Provides both command-line tools and MCP service entry for seamless integration with AI Agents and automation tools. - Modular structure with clear configuration, supporting both direct and MCP-based invocation. - No API key included—user must configure their own.
元数据
Slug v2ex-monitor
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

v2ex-monitor 是什么?

监控指定 V2EX 节点的新帖与提醒,生成 Markdown 汇总报告,支持 MCP 查询和定时拉取数据。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 330 次。

如何安装 v2ex-monitor?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install v2ex-monitor」即可一键安装,无需额外配置。

v2ex-monitor 是免费的吗?

是的,v2ex-monitor 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

v2ex-monitor 支持哪些平台?

v2ex-monitor 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 v2ex-monitor?

由 minglu6(@minglu6)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 留言讨论