ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

飞书每日早报

v1.0.3

飞书每日早报配置Skill。封装了每日早报的完整配置流程,包含数据源获取、格式整理、深圳天气查询、生活建议整合。触发关键词:早报配置、创建早报、生成早报、每日早报。

0· 86·0 current·0 all-time
by@easyhoov

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for easyhoov/feishu-morning-news.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "飞书每日早报" (easyhoov/feishu-morning-news) from ClawHub.
Skill page: https://clawhub.ai/easyhoov/feishu-morning-news
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install feishu-morning-news

ClawHub CLI

Package manager switcher

npx clawhub@latest install feishu-morning-news
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md describes generating a morning report and explicitly instructs not to send messages (delivery handled by OpenClaw cron). However, included scripts (scripts/push.py and scripts/push.sh) implement message-sending logic and use a hardcoded target_open_id. That contradicts the stated non-sending behavior and the expectation that delivery is handled elsewhere.
!
Instruction Scope
Instructions correctly describe fetching news from https://60s.viki.moe/v2/60s and calling a weather skill. But the runtime artifacts reference and perform actions beyond the documented generation step: they send messages (via openclaw message tooling / feishu_im_user_message) and write logs to /var/log/feishu-morning-news.log. The SKILL.md forbids calling message-sending tools, yet the code does exactly that.
Install Mechanism
No install spec (instruction-only), which limits automatic installation risk. However, two executable scripts are included that, if run by the agent or a cron job, perform network calls and send messages. No external download URLs or installers are present.
!
Credentials
The skill declares no required env vars or credentials, but the scripts call platform-specific tooling (openclaw message send and openclaw.tools.feishu_im_user_message) and assume write access to /var/log and network access. The target recipient open_id is hardcoded in references/config.json and scripts, meaning installs could send messages to an unexpected recipient unless the user updates the config. There is no explicit declaration that the platform will provide Feishu credentials, which is an undeclared dependency.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. However, its default config writes logs to /var/log and includes a preconfigured push target; if the package is scheduled (cron) it can autonomously send messages using platform tools. This autonomy plus hardcoded recipient increases the blast radius if deployed without review.
What to consider before installing
This skill's documentation says it should only generate the morning report and not send it, but the included scripts will send the report to a hardcoded Feishu open_id and write logs to /var/log. Before installing or enabling: (1) Inspect and, if necessary, remove or disable the send logic in scripts/push.py and scripts/push.sh; (2) Change the hardcoded target_open_id to your own recipient or make it configurable; (3) Ensure you are comfortable with logs being written to /var/log and that the agent has appropriate filesystem permissions; (4) Confirm how your OpenClaw platform provides Feishu credentials (these are not declared in the skill); (5) Run the scripts in a safe sandbox first to observe behavior. If you cannot verify and control the hardcoded recipient and sending behavior, avoid enabling automatic execution or cron scheduling.

Like a lobster shell, security has layers — review code before you run it.

latestvk978ccvttdr8g9jkm4tqw6jvm184cqk4
86downloads
0stars
4versions
Updated 3w ago
v1.0.3
MIT-0
@easyhoov
latest
Download

飞书每日早报Skill

功能说明

封装每日早报生成的完整配置,包含:

  • https://60s.viki.moe/v2/60s API 获取今日新闻
  • 使用 weather 技能获取指定城市天气预报
  • 整理为标准Markdown格式
  • 添加生活工作健康建议
  • 使用API返回的tip作为每日箴言

配置说明

参数说明默认值
city获取天气预报的城市名称深圳
data_source新闻数据源APIhttps://60s.viki.moe/v2/60s
push_time默认推送时间每天 8:30
timeout超时限制(秒)180

使用者可根据自身情况修改城市配置。

当使用此Skill时

  1. 生成早报内容:按照固定流程生成完整早报
  2. 不直接发送消息:由OpenClaw cron系统自动投递,不要调用任何消息发送工具
  3. 保持格式规范:严格遵循约定的Markdown结构
  4. 重要提醒:只生成早报内容,系统会自动投递

标准早报生成流程

步骤

  1. 获取今日新闻:调用 GET https://60s.viki.moe/v2/60s 获取今日新闻数据
  2. 获取城市天气:调用 weather 技能获取配置城市天气预报(温度范围、天气状况、湿度、风速)
  3. 整理新闻:将新闻按重要性排序(重要新闻放前面),保持每条新闻简洁呈现,只保留核心内容
  4. 添加建议:生成工作、生活、健康各一条简短建议
  5. 添加每日一句:使用API返回的tip字段

输出格式要求

## ☀️ 今日早报 | {日期} {星期}

### 🌤️ {城市}天气
{天气状况} | 气温{温度} | {湿度} | {风速}
💡 出行建议:{出行建议}

### 📰 60秒读懂世界
{新闻列表,每条带序号}

### 💡 今日建议
- **工作**:{工作建议}
- **生活**:{生活建议}
- **健康**:{健康建议}

### 💪 每日一句
{每日箴言}

模板中的 {城市} 会替换为使用者配置的城市名称(默认为深圳)。

配置参数(参考jobs.json)

  • 数据源: https://60s.viki.moe/v2/60s
  • 默认推送时间: 每天 8:30 (Asia/Shanghai)
  • 超时限制: 180 秒
  • 推送目标: 使用者配置为自己的飞书会话

使用示例

当用户说"生成一份综合早报",加载此Skill并按照上述流程生成即可。

Comments

Loading comments...