← 返回 Skills 市场
Young Post Downloader
作者
cgxxxxxxxxxxxx
· GitHub ↗
· v1.0.0
· MIT-0
119
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install young-post-downloader
功能描述
自动下载 Young Post Club Spark 网站文章并生成 PDF。使用场景:用户要求下载 Today's Read 文章、获取 Young Post 内容、批量抓取教育文章、生成学习材料 PDF、上传飞书云空间。支持:自动解析文章列表、批量下载、HTML 排版、PDF 转换、飞书上传。
安全使用建议
This skill appears to do what it says (download Spark articles, make HTML/PDF, upload to Feishu), but a few practical details are missing: 1) Confirm the agent environment provides the web_fetch and feishu_drive_file capabilities (those will handle network requests and Feishu authentication). 2) Ensure google-chrome (headless) is installed on the host — the skill runs 'google-chrome' but the registry didn't list any required binaries. 3) Check where files will be written (WORKSPACE defaults to /home/admin/.openclaw/workspace) and that you’re comfortable with that path and its permissions. 4) Verify Feishu credentials/permissions are available to whatever platform skill performs uploads; the skill itself does not declare or manage OAuth tokens. 5) Respect copyright and rate limits when scraping. If you need higher assurance, ask the author to (a) declare required binaries and credentials in the registry metadata, and (b) replace os.system calls with explicit, audited subprocess calls or platform-provided PDF conversion APIs.
功能分析
Type: OpenClaw Skill
Name: young-post-downloader
Version: 1.0.0
The skill bundle implements a workflow for scraping articles and converting them to PDF, but it contains a significant security vulnerability in `scripts/download_articles.py`. The `convert_to_pdf` function uses `os.system` to execute a shell command with f-string interpolation, which is a classic shell injection risk. While the current implementation uses date-based filenames, this pattern is inherently dangerous in an agentic environment. Additionally, the skill requires broad permissions including web fetching, local shell execution, and cloud storage interaction (Feishu/Lark), which could be repurposed for data exfiltration if the agent is compromised via prompt injection.
能力标签
能力评估
Purpose & Capability
Name/description, SKILL.md, and the two included scripts are coherent: they fetch Young Post Spark pages, parse article links, produce HTML/PDF, and upload to Feishu. The skill delegates web fetching and Feishu uploads to other platform skills (web_fetch, feishu_drive_file), which is expected. Minor issue: the skill relies on a local Chrome binary for PDF conversion and a workspace path (/home/admin/.openclaw/workspace) but does not declare the chrome binary or explain required Feishu credentials in the registry metadata.
Instruction Scope
SKILL.md and the scripts restrict actions to the declared workflow: fetch Spark page(s), extract article links, download content, create HTML, convert to PDF, upload to Feishu. They do not instruct reading unrelated system files or contacting unknown endpoints. The web_fetch/feishu calls imply network I/O and uploading user data to Feishu, which is appropriate for the stated purpose.
Install Mechanism
There is no install spec (instruction-only plus scripts bundled). No external downloads or archive extraction are used. This lowers installation risk; nothing is pulled from arbitrary URLs.
Credentials
The skill uses google-chrome to print to PDF and expects Feishu upload capability, but the registry metadata lists no required binaries or credentials. Specifically: (1) SKILL.md and the code call 'google-chrome' but 'required binaries' is empty — the runtime may fail if Chrome is absent. (2) The skill uploads to Feishu (feishu_drive_file) but declares no Feishu credentials; it appears to rely on another platform skill for auth, which is plausible, but you should confirm that Feishu authentication will be handled by the agent environment and that no undeclared secrets are needed. (3) It writes files to a default workspace (/home/admin/.openclaw/workspace) — verify this path is acceptable and writable and that it won't overwrite important data.
Persistence & Privilege
The skill is not marked 'always: true' and does not request elevated or persistent system privileges. It does not modify other skills' configurations. Autonomous invocation is allowed (platform default) but that is expected for this kind of skill.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install young-post-downloader - 安装完成后,直接呼叫该 Skill 的名称或使用
/young-post-downloader触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
young-post-downloader v1.0.0
- Initial release for automated downloading of Young Post Club Spark articles.
- Supports batch downloading, article categorization, and conversion to HTML and PDF.
- Integrates with Feishu for cloud file upload.
- Includes filters for specific categories and customizable output options.
- Provides clear workflow, error handling, and usage guidance.
元数据
常见问题
Young Post Downloader 是什么?
自动下载 Young Post Club Spark 网站文章并生成 PDF。使用场景:用户要求下载 Today's Read 文章、获取 Young Post 内容、批量抓取教育文章、生成学习材料 PDF、上传飞书云空间。支持:自动解析文章列表、批量下载、HTML 排版、PDF 转换、飞书上传。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 119 次。
如何安装 Young Post Downloader?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install young-post-downloader」即可一键安装,无需额外配置。
Young Post Downloader 是免费的吗?
是的,Young Post Downloader 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Young Post Downloader 支持哪些平台?
Young Post Downloader 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Young Post Downloader?
由 cgxxxxxxxxxxxx(@cgxxxxxxxxxxxx)开发并维护,当前版本 v1.0.0。
推荐 Skills