Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

News Brief Skill

v1.0.0

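Fetches news in the user's chosen areas of interest on a daily schedule, generates a summary brief, and pushes it to the channels the user specifies; supports user feedback and skill optimization.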

0· 58·0 current·0 all-time
by thiswin @17oko

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for 17oko/news-brief-skill.

Install the skill "News Brief Skill" (17oko/news-brief-skill) from ClawHub.
Skill page: https://clawhub.ai/17oko/news-brief-skill
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install news-brief-skill

ClawHub CLI


npx clawhub@latest install news-brief-skill
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code files and SKILL.md match the stated purpose: multi-source news fetching, summarization, multi-channel push, and feedback-driven optimization. The included modules (news_fetcher, summarizer, pusher, config manager, feedback handler) are appropriate for this functionality.
Instruction Scope
Runtime instructions are reasonable: copy skill into OpenClaw, install listed Python deps, configure optional API keys/webhooks, and set user preferences. However, SKILL.md/documentation claims "does not store user identity information" (不存储用户身份信息) while the implementation stores per-user configs and user_id directories under data/users; it also instructs storing credentials (email, webhooks) which the code persists. This is a privacy/accuracy mismatch.
Install Mechanism
There is no install spec that downloads external artifacts; the package is delivered as source files. Dependencies are standard Python packages (requests, bs4, feedparser, cryptography, etc.) declared in the docs. No remote installers, obscure URLs, or extracted archives were used.
! Credentials
The skill requests no environment variables in the registry metadata, but the code expects and persists sensitive credentials (SMTP creds, Telegram bot token, DingTalk webhook, etc.) in per-user config files. Those fields are 'encrypted' by the skill, but the ConfigManager generates and stores the encryption key to config/encryption.key on disk (the code comments even say it should come from an environment variable). Storing the key alongside the encrypted data undermines the protection and is disproportionate given the claimed 'privacy' guarantees.
! Persistence & Privilege
The skill persists user configs, backups, logs, and an encryption key under the skill project (data/, config/encryption.key, data/backups/). It does not request elevated platform privileges, nor is always:true set, but writing persistent credentials and a plaintext encryption key to the skill's directory increases risk if the host or skill directory is accessible by other parties.
What to consider before installing
This skill appears to implement the advertised news-aggregation and push features, but check these before installing:

  • Understand where credentials will be stored: the skill saves per-user configs (email, webhook tokens, etc.) under data/users and backs them up. If those directories are on a shared host, others may access them.
  • Encryption is implemented, but the encryption key is generated and saved to config/encryption.key by default. That means anyone with filesystem access to the skill folder can decrypt stored secrets. Prefer supplying an encryption key from a secure secret store or environment variable and confirm the key file is not committed or exposed.
  • The documentation claims it does not store user identity, but the code stores user IDs and per-user directories. If that conflicts with your privacy requirements, do not install as-is.
  • Review and restrict filesystem permissions for the skill directory (config/ and data/), and consider running it in an isolated environment.
  • There are some code-quality issues (e.g., a missing import and other truncated blocks in the provided sources); you should test in a safe environment before enabling automatic daily runs.

If you want to proceed:

  1. provide credentials only when necessary,
  2. replace the on-disk encryption key with a key from a secure secret manager or environment variable,
  3. restrict access to the skill directory, and
  4. audit any additional omitted files not included here.
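An added example (not the skill's code and not part of the ClawHub report): a Python check for the two storage issues described above, a key file kept inside the skill directory and group/other access to the key and data directories, plus a loader that takes the key only from the environment. The paths are the ones named in the report; the variable name NEWS_BRIEF_KEY and the function names are assumptions, and the directory tree in demo() is constructed.

```python
import base64
import os
import stat
import tempfile
from pathlib import Path

KEY_FILE = "config/encryption.key"            # path named in the scan report
SECRET_DIRS = ("data/users", "data/backups")  # paths named in the scan report
KEY_ENV = "NEWS_BRIEF_KEY"                    # hypothetical variable name (assumption)


def audit_skill_dir(root):
    """Return findings for key co-location and loose permissions."""
    root, findings = Path(root), []
    key = root / KEY_FILE
    if key.is_file():
        findings.append(f"{KEY_FILE}: key stored beside the data it protects")
        if stat.S_IMODE(key.stat().st_mode) & 0o077:
            findings.append(f"{KEY_FILE}: readable by group/other")
    for rel in SECRET_DIRS:
        d = root / rel
        if d.is_dir() and stat.S_IMODE(d.stat().st_mode) & 0o077:
            findings.append(f"{rel}: accessible by group/other")
    return findings


def load_key(env=os.environ):
    """Take the key only from the environment; never create one on disk."""
    raw = env.get(KEY_ENV)
    if not raw:
        raise RuntimeError(f"{KEY_ENV} is not set; refusing to fall back to {KEY_FILE}")
    key = base64.urlsafe_b64decode(raw)
    if len(key) != 32:  # 32 bytes = 256 bits, matching the AES-256 claim
        raise ValueError("key must decode to 32 bytes")
    return key


def demo():
    """Build a constructed skill tree that mimics the reported layout."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "config").mkdir()
        (root / "data" / "users").mkdir(parents=True)
        (root / KEY_FILE).write_bytes(b"constructed-sample-key")
        os.chmod(root / KEY_FILE, 0o644)
        os.chmod(root / "data" / "users", 0o755)
        return audit_skill_dir(root)


if __name__ == "__main__":
    for finding in demo():
        print("FINDING:", finding)
```

Point audit_skill_dir() at the installed skill directory after first run; an empty list means no key file is present there and the data directories are owner-only.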

Like a lobster shell, security has layers — review code before you run it.

latestvk97e3cx6gpbeshpmh78cz85efd84ymya
58 downloads
0 stars
1 version
Updated 1w ago
v1.0.0
MIT-0

News Brief Skill

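Smart news brief assistant: customized to the user's interests, it automatically pushes daily summaries of news in the chosen fields, with multi-channel delivery and continuous optimization.

🎯 Core Features

1. Smart news fetching

  • Multi-source aggregation: integrates three fetch methods: API endpoints, web crawling, and RSS subscriptions
  • Domain classification: preset library of authoritative news channels for technology, finance, politics, and more
  • Automatic updates: channel IPs/domains are detected and switched automatically to keep fetching stable
  • Smart deduplication: news items with similarity ≥80% are deduplicated automatically

2. Personalized brief generation

  • Interest customization: users can set specific interest keywords
  • Summary format: each item contains title → key summary (50-80 characters) → source → credibility
  • Flexible layout: supports compact/standard/loose layout styles
  • Credibility labels: three-level credibility rating (authoritative/credible/ordinary)

3. Multi-channel smart push

  • Channel support: WeChat, email, DingTalk, and other push channels
  • Custom timing: supports custom push time and frequency
  • Failover: automatically switches to a backup channel when the primary channel fails
  • Status feedback: real-time feedback on push success/failure

4. Continuous optimization

  • Proactive feedback: asks the user for optimization needs after each push
  • Smart learning: automatically records user preferences to reduce repeated optimization
  • Preview confirmation: after optimization a preview is pushed, and the change is applied once the user confirms
  • Version rollback: supports restoring a historical configuration version

⚙️ Trigger Conditions

This skill is activated when the user says any of the following keywords:

  • "新闻简报" (news brief)
  • "每日新闻" (daily news)
  • "领域新闻" (domain news)
  • "定制新闻" (custom news)
  • "新闻推送" (news push)

📋 Usage Flow

First use

  1. The user triggers the skill
  2. Guided setup of interest areas and keywords
  3. Configure push channels and time
  4. Choose brief format preferences
  5. Daily automatic push begins

Daily use

  1. The brief is pushed automatically at the configured time each day
  2. After each push, the skill proactively asks for optimization needs
  3. The user can send "反馈" (feedback) or "优化" (optimize) at any time to trigger adjustments
  4. The system continuously improves push quality based on feedback

🔧 Technical Architecture

Core modules

  • Interaction module: handles user feedback and optimization requests
  • Optimization module: performs content, format, and channel optimization
  • Push module: multi-channel smart push management
  • Tools module: API/crawler/RSS tool management
  • News fetching module: channel management and news fetching
  • Summary module: brief generation and formatting

Data security

  • Encrypted storage: user credentials are encrypted with AES-256
  • Isolated storage: a separate configuration directory for each user
  • Privacy protection: does not store user identity information
  • Regular backups: configuration and logs are backed up automatically

📊 Requirements

Dependencies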

pip install requests beautifulsoup4 cryptography feedparser python-dateutil

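Optional API keys

  • NewsAPI (optional)
  • Email SMTP configuration (optional)
  • DingTalk bot webhook (optional)

🔄 Maintenance Plan

  • Daily: channel availability checks, news fetching, brief push
  • Weekly: tool availability checks, performance optimization
  • Monthly: channel library updates, feature iteration
  • Quarterly: security audit, user feedback analysis

📚 Reference Resources

  • config/ - configuration file directory
  • scripts/ - core scripts directory
  • data/users/ - user data directory
  • references/documentation.md - detailed usage documentation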
