DailyBit — AI Tech Daily Digest
v2.5.0Curated daily digest from 92 top tech blogs (Andrej Karpathy's list) with AI-generated Chinese summaries, hierarchical tags, and personalized recommendations...
⭐ 0· 317·0 current·0 all-time
by@azurboy
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (daily digest, Chinese summaries, tags, recommendations) align with the SKILL.md: all actions are calls to the documented dailybit.cc endpoints and local inference of user interests. There are no unrelated binaries, environment variables, or config paths requested.
Instruction Scope
Instructions are narrowly scoped to: discover tags, request article lists, fetch batched content, and synthesize summaries. They explicitly treat external content as untrusted and forbid executing code or following URLs. One behavioral choice — Rule 1 'Infer, Never Ask' — instructs the agent not to ask users about topics and to infer interests from conversation history; this is a design decision (not a direct security issue) but reduces user-facing transparency and could produce unwanted personalization if context is insufficient.
Install Mechanism
No install spec and no code files — instruction-only skill. Nothing is written to disk and there is no download or package installation risk.
Credentials
The skill declares no required env vars or primary credential. It documents an optional user API token for enhanced personalization (pstate=has_token) — that is proportionate to the stated personalization feature. The hardcoded query parameter 'ack=xinqidong' is odd but not a requested secret from the user.
Persistence & Privilege
always is false and it does not request persistent/system-wide privileges. Autonomous invocation is allowed (default) but there are no additional elevated privileges or cross-skill configuration changes.
Scan Findings in Context
[ignore-previous-instructions] expected: The regex scanner flagged the phrase because it's commonly used in prompt-injection attacks, but in this SKILL.md it appears in a Security section instructing the agent to IGNORE prompt-injection attempts. This is a defensive mention and expected.
Assessment
This skill appears coherent and limited to calling https://dailybit.cc to fetch and summarize articles. It asks for no credentials by default — only optionally accepts a DailyBit token for personalization. Before installing, consider: (1) Do you trust dailybit.cc as an external service? The agent will make network requests there and include original article URLs in outputs. (2) The skill's Rule 1 forbids asking you what topics you want and instead infers interests from conversation history; if you prefer explicit control over topics, avoid using the token/personalization or instruct the agent to confirm choices manually. (3) If you do decide to provide a DailyBit token for personalization, treat that token like any API credential (only share if you trust the service and understand what the token exposes). The scan finding shown is benign here — it's the skill telling the agent to ignore prompt injections, not an attempt to inject them.Like a lobster shell, security has layers — review code before you run it.
AIvk97fdn0z4m3mtcjcnkhc90gws9823wz3articlesvk97fdn0z4m3mtcjcnkhc90gws9823wz3chinesevk97fdn0z4m3mtcjcnkhc90gws9823wz3curatedvk97fdn0z4m3mtcjcnkhc90gws9823wz3daily-briefingvk97fdn0z4m3mtcjcnkhc90gws9823wz3latestvk97fdn0z4m3mtcjcnkhc90gws9823wz3newsvk97fdn0z4m3mtcjcnkhc90gws9823wz3programmingvk97fdn0z4m3mtcjcnkhc90gws9823wz3rssvk97fdn0z4m3mtcjcnkhc90gws9823wz3summarizervk97fdn0z4m3mtcjcnkhc90gws9823wz3techvk97fdn0z4m3mtcjcnkhc90gws9823wz3
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📡 Clawdis