每日综合新闻(基于news-aggregator-skill并发送至飞书文档)
PassAudited by ClawScan on May 10, 2026.
Overview
This instruction-only skill matches a daily news-report workflow, but users should verify the separate local news-aggregator dependency, optional proxy, and optional Feishu document write.
This looks like a benign news-report wrapper. Before installing or invoking it, make sure the referenced news-aggregator-skill is already installed from a trusted source, avoid the hard-coded proxy unless it is yours, and confirm any Feishu document creation or sharing permissions.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the referenced local dependency is untrusted or modified, invoking this skill could run code the user has not reviewed.
The submitted artifact is only SKILL.md, but it relies on scripts from a separate already-installed news-aggregator skill, so that dependency's code and provenance are outside this review.
cd ~/.openclaw/workspace/技能/news-aggregator-skill python3 scripts/fetch_news.py --source hackernews,weibo,v2ex --limit 15
Use this only with a trusted and reviewed installation of news-aggregator-skill.
The workflow depends on executing local Python code to collect news.
The skill instructs the agent to run local Python scripts. This is expected for fetching news and is scoped to named scripts and sources, but it is still local command execution.
python3 scripts/fetch_news.py --source github,producthunt,36kr --limit 15
Confirm the referenced scripts are trusted before running the skill, especially if the local dependency was installed from an unknown source.
If used, news-fetching traffic may be routed through that proxy, which may fail or expose connection metadata if the proxy is not trusted.
The skill optionally sets a hard-coded proxy for network access. This is purpose-aligned for fetching news but is specific to one network environment.
export HTTP_PROXY=http://192.168.110.9:7890 export HTTPS_PROXY=http://192.168.110.9:7890
Only set a proxy you control or trust; otherwise skip this optional step.
A report could be created under the user's Feishu account or workspace with whatever permissions the chosen integration has.
Creating or writing a Feishu document may require account credentials and can mutate cloud workspace content. This is optional and aligned with the skill's purpose, but credential scope and sharing settings are not specified.
5. (可选)创建飞书文档并写入
Before enabling Feishu output, confirm the target document/workspace, sharing settings, and use least-privileged credentials.