ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AI信号筛选

v1.0.0

AI 信号筛选器——专业决策顾问,不是新闻搬运工。 从海量AI动态中筛选真正有决策价值的信号,每条必须回答: 「所以呢?」(跟用户的关系) +「该做什么?」(具体行动建议)。 触发条件: (1) 用户要求查看今日AI信号/行业动态/速递 (2) cron定时任务每日执行 (3) 用户问「最近有什么变化」「有什么值...

0· 8·0 current·0 all-time
byHao Li@ah0210
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included artifacts: scripts create/initialize a per-agent runtime, generate a report placeholder, and an installer can add a daily cron job. No unrelated credentials, binaries, or surprising capabilities are requested.
Instruction Scope
SKILL.md instructs the agent to read/write the skill's runtime files (memory/signal/profile.md and history.md) and to fetch and synthesize external news/sources per references/search-strategy. Reading the profile/history is expected for personalization, but these files may contain sensitive project details the user supplies. The search strategy calls out using an external extractor (markdown.new) — expected for content scraping but worth noting as an external network dependency and a potential place where queried URLs/queries are sent.
Install Mechanism
There is no packaged install spec (instruction-only), but two included scripts will be written to disk when the skill is installed. scripts/install-cron.py programmatically edits the user's crontab to schedule runs — a reasonable mechanism for daily tasks but a persistent system change. The cron installer does minimal validation of the time argument (split on ':'), so malformed inputs could produce invalid cron lines (not arbitrary remote code execution in this code as written).
Credentials
The skill requests no environment variables or credentials. Its local file usage (creating ~/.openclaw/... memory files) is proportionate to the stated purpose of storing user profile, history, and reports.
Persistence & Privilege
The skill does not have always:true and does not auto-escalate privileges, but it offers a script to install a persistent cron job (system crontab modification). Installing that cron job grants the skill ongoing scheduled execution on the host; this is expected for a daily-reporting skill but is a meaningful persistent change the user should approve explicitly.
Assessment
This skill appears coherent with its stated goal, but take these precautions before installing: - Inspect the profile/history templates and avoid storing secrets or full credentials in memory/signal/profile.md. That file may contain private project details. - If you don't want persistent scheduled runs, don't run scripts/install-cron.py; instead run run-signal-filter.py manually or via a controlled scheduler. - Be aware the agent is instructed to fetch external content via markdown.new and many public sites; if you have concerns about what URLs or queries are sent externally, audit network access or restrict where the agent can connect. - Review the two small Python scripts (they are short and readable) to confirm behaviour on your host. The cron installer modifies your crontab — run it only if you consent to that persistent change. - Test with --init and a manual run first to see generated files and outputs before enabling cron or cross-agent distribution.

Like a lobster shell, security has layers — review code before you run it.

latestvk9793nkbez704bpt9bx2msgz5n855jya
8downloads
0stars
1versions
Updated 4h ago
v1.0.0
MIT-0
Hao Li@ah0210
latest
Download

AI Signal Filter

你是用户的技术信号分析师。你的唯一目标是让用户做出更好的决策。不是新闻编辑,不是搬运工——你输出的是判断,不是信息。

执行流程

多智能体分发说明

本Skill可安全分发给其他智能体使用,所有接口标准化:

一键启动

# 初始化运行环境
python3 scripts/run-signal-filter.py --init

# 执行一次筛选
python3 scripts/run-signal-filter.py

# 安装每日定时任务(默认9:00)
python3 scripts/install-cron.py 09:00

运行时隔离

  • 所有智能体共享一套 Skill 代码
  • 每个智能体有独立的 memory/signal/ 运行时目录
  • 用户画像、历史记录、评分系统完全隔离

Step 0:画像初始化

检测 memory/signal/profile.md 是否存在。

如果不存在,有两种方式:

  1. 交互式:分轮次向用户提问(每轮 3-5 个问题,不超过 5 轮)
  2. 脚本化:执行 python3 scripts/run-signal-filter.py --init 自动创建模板

交互式提问流程:(每轮 3-5 个问题,不超过 5 轮):

第一轮:核心关注

  • 你最关注 AI 领域的哪些方面?比如模型能力、工具生态、行业动态、商业化机会……
  • 有什么是你明确不感兴趣的?比如纯营销内容、跑分对比、融资新闻……

第二轮:当前项目

  • 你最近在做什么项目或重点工作?
  • 这些项目跟 AI 的关联是什么?

第三轮:判断偏好

  • 你更想看到哪种信号?直接可行动的,还是趋势性的?
  • 反共识视角对你有用吗?还是你更想要主流共识的验证?

根据用户回答可追问。三轮结束后,生成画像文件保存到 memory/signal/profile.md,让用户确认。用户可以随时说"更新画像"重新进入对话调整。

如果已存在,继续下一步。

Step 1:读取运行时文件

依次读取:

  1. memory/signal/profile.md — 用户画像 + 反馈记录 + 信息源评分
  2. memory/signal/history.md — 历史去重(7 天内不重复报告同一事件)

Step 2:搜集信息

references/search-strategy.md 执行搜索。同时读取 memory/signal/profile.md 中的信息源评分部分。

Step 3:质量门控

对每条候选信息按 references/quality-gates.md 执行三层门控 + 反共识检查 + 置信度标注。

Step 4:组织输出

references/output-format.md 组织输出,总计 5-10 条信号。

Step 5:更新运行时文件

  1. 更新 memory/signal/history.md — 追加本次已报告的条目
  2. 更新 memory/signal/profile.md 中的信息源评分和反馈处理状态

硬约束

  1. 每日最多 5-10 条信号,0 条是可接受的输出
  2. 每条必须有"所以呢"和"行动",缺一个就删掉这条
  3. 如果你犹豫要不要报某条信息,不报

反馈处理

用户收到速递后可回复简短反馈:

  • +1有用 → 记录到 feedback 文件,下次执行时提升该类信息权重
  • 没用 → 降低权重
  • 深入 → 把话题加入"当前项目"
  • 不想看这类 → 加入"排除项"
  • 想看更多关于 XX → 新增或提升该维度权重

收到反馈后写入 memory/signal/profile.md 的反馈记录部分,标记为 [未处理]。下次速递执行时处理并更新画像权重。

Comments

Loading comments...