柯南周报
v1.0.2名侦探柯南动画周报技能。每周自动收集并整理柯南最新剧情进展,包括主线剧情、特别篇、角色动态等。使用 DuckDuckGo HTML 搜索获取真实网页数据。
⭐ 0· 277·1 current·2 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (柯南周报) match the implementation: index.js searches DuckDuckGo HTML, parses results, compiles a Markdown report and saves it to a reports/ directory. Declared capabilities (weekly automated search, multi-source aggregation) align with the code's queries and parsing logic.
Instruction Scope
SKILL.md instructs using openclaw cron for scheduling and describes optional push configuration. The runtime instructions and index.js are limited to making outbound HTTP(S) requests to public search pages, parsing HTML, saving local files, and optionally POSTing to a webhook supplied via REPORT_WEBHOOK_URL. Minor mismatch: docs mention QQ/Telegram push channels generically but the code only implements a generic webhook POST (REPORT_WEBHOOK_URL); no other unexpected file reads, credential reads, or external endpoints are present.
Install Mechanism
No install spec (instruction-only) reduces installation risk. The package includes package.json and package-lock.json but no download-from-arbitrary-URL behavior. One small note: package.json lists node-fetch as a dependency but index.js uses built-in https/http — presence of an unused dependency is not harmful but unnecessary.
Credentials
No required env vars are declared; only an optional REPORT_WEBHOOK_URL is read if provided (used to POST the generated report). No credentials or unrelated environment variables are requested or accessed by the code.
Persistence & Privilege
Skill is not always-enabled and does not request elevated/system-wide privileges. It writes reports to its own reports/ directory under the skill folder and does not modify other skills or system configuration. Autonomous invocation default is unchanged but not combined with other red flags.
Assessment
What this skill will do if installed: it will perform outbound HTTP(S) requests (DuckDuckGo HTML) to gather public web results, compile and save a Markdown report under the skill's reports/ folder, and — only if you set REPORT_WEBHOOK_URL — POST the report to that webhook. Before installing, consider: 1) Only set REPORT_WEBHOOK_URL to endpoints you control/trust (don't point it to third-party services that could receive your data). 2) The skill requires network access to function; run it in an environment where outgoing requests are acceptable. 3) The source is listed as unknown; if you need stronger assurance, review the index.js locally or run in a sandboxed container. 4) The package lists an unused dependency (node-fetch) — low risk but cosmetic. If you want stricter safety, run the script manually first and verify the reports produced and any webhook traffic before enabling automated cron execution.Like a lobster shell, security has layers — review code before you run it.
animevk9737qjm6tv76awrkx6t9szn8182z6ptconanvk9737qjm6tv76awrkx6t9szn8182z6ptlatestvk9737qjm6tv76awrkx6t9szn8182z6ptweekly-reportvk9737qjm6tv76awrkx6t9szn8182z6pt
License
MIT-0
Free to use, modify, and redistribute. No attribution required.