News Brief - 新闻简报
v1.0.4中文新闻门户列表抓取,可输出 Markdown 简报或 JSON/RSS,无需新闻类 API Key。当用户说:给我一份今日要闻链接简报、抓一下门户新闻标题,或类似中文新闻聚合时,使用本技能。
⭐ 5· 159·1 current·1 all-time
by极速数据@jisuapi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (Chinese news list scraping, Markdown/JSON/RSS output) match the included script and declared requirements (python3, optional beautifulsoup4). The optional env vars (UA, allow-list, block-private) are justified by the stated purpose.
Instruction Scope
SKILL.md instructs the agent to run local fetch.py to download HTML or RSS and extract in-site article links; it does not ask for unrelated files, credentials, or to send data to third-party endpoints. It explicitly forbids file:// and documents private-network blocking.
Install Mechanism
No remote install or download spec; dependency is a standard pip package (beautifulsoup4) mentioned in docs. The shipped fetch.py contains the scraping logic; nothing in the spec fetches arbitrary code from unknown hosts.
Credentials
No required secrets or credentials. The only environment controls are NEWS_CN_UA, NEWS_CN_ALLOW_HOSTS, and NEWS_CN_BLOCK_PRIVATE which are reasonable for a scraper. They are optional and their purpose is explained.
Persistence & Privilege
Skill is not always-enabled, does not request elevated or persistent system privileges, and does not modify other skills or global agent configuration.
Scan Findings in Context
[pre-scan-injection] expected: No pre-scan injection signals were detected. For a scraper skill, absence of such signals is expected.
Assessment
This skill appears to be a straightforward local scraper. Before installing: (1) keep NEWS_CN_BLOCK_PRIVATE enabled (default) to avoid SSRF/private-network access; (2) if you want to limit external hosts, set NEWS_CN_ALLOW_HOSTS to an explicit whitelist; (3) be aware the skill performs HTTP(S) requests from your agent environment to the sites you request (so fetched URLs may reveal that your agent's IP hit those sites); (4) install beautifulsoup4 if you intend to use webpage parsing; (5) do not set any unrelated credentials — none are required. If you need the team to review the full fetch.py behavior, provide the remaining truncated lines for a complete audit.Like a lobster shell, security has layers — review code before you run it.
latestvk9798z2m0tnxh89bee536dw64h844h4e
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📰 Clawdis
Binspython3