Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ai Cv Weekly

Pluggable AI report engine generating multi-preset, multi-source briefings with smart scoring, deduplication, LLM editing, quality control, rendering, and em...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 38 · 0 current installs · 0 all-time installs
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (AI report engine) aligns with the included code: sources, scoring, editors, pipeline, renderer and delivery. However the skill metadata declared no required env vars while the code clearly requires LLM credentials and optionally delivery credentials (SMTP / webhook). That mismatch between declared requirements and actual code is an inconsistency to be aware of.
Instruction Scope
SKILL.md instructions are consistent with the code (run run.py, create config.local.yaml for secrets, or rely on the OPENCLAW environment variables). The instructions do not request unrelated system files, but they do instruct the user to create a local secrets file and to run networked fetch and delivery operations. SKILL.md mentions a large embedded base64 logo (the pre-scan flagged it as 'base64-block'). It appears intended for embedding a logo, which is expected, but a blob of that size can also carry covert data, so it is worth reviewing.
Install Mechanism
No install spec was provided (instruction-only in registry), and the repository files are included directly. That lowers installer risk, but means the code will run as-is when invoked — inspect the package before execution. There are no suspicious external download URLs in an install step.
Credentials
The skill metadata declares no required environment variables, but brief/llm.py requires an LLM API key via OPENCLAW_API_KEY/OPENCLAW_TOKEN (or BAILIAN_API_KEY) and base URL variables. The project also supports SMTP and arbitrary webhook delivery (sender.py), which will need delivery credentials/URLs not declared in metadata. Requesting LLM keys and delivery credentials is reasonable for this functionality, but the omission from requires.env is a discrepancy and increases risk of accidental credential exposure. The package also persists data (custom_presets, issue counters, dedup store) to local disk — expected but note persisted content may include source text or generated output.
Persistence & Privilege
The skill writes to its own data directories (data/custom_presets, cache, issue counter, used-item JSON) for caching, deduplication and presets. It does not request always:true or attempt to modify other skills. Local persistence is reasonable for this application but consider filesystem permissions and where data is stored.
Scan Findings in Context
[base64-block] expected: A large base64 asset file (static/luna_logo_b64.txt) exists and SKILL.md mentions an embedded self-contained HTML report with logo. Embedding a logo as base64 is plausible, but such large base64 blobs can also be used to hide arbitrary data — inspect the file before trusting the package.
What to consider before installing
This package appears to implement the described AI report engine, but there are a few things to check before running it with real credentials or on production hosts:
  • LLM credentials: The code requires an LLM API key (OPENCLAW_API_KEY / OPENCLAW_TOKEN or BAILIAN_API_KEY) and base URL, but the skill metadata lists no required env vars; ensure you only supply keys with least privilege and avoid using production/privileged credentials until you're confident. Consider running with a test key.
  • Delivery channels: The skill can send email (SMTP) and post to arbitrary webhooks (Slack/DingTalk/Feishu/custom). Review brief/sender.py and any config examples; do not provide webhook URLs or SMTP credentials you care about until you audit the code paths that perform delivery.
  • Network access: The package fetches from multiple public sources (GitHub, arXiv, HackerNews, Yahoo Finance, Eastmoney, Xueqiu, etc.). If you need to sandbox network access, run in an isolated environment or container.
  • Persistence: It writes caches, dedup stores, issue counters, and saved presets under data/; inspect these directories for any sensitive persisted content and set appropriate filesystem permissions.
  • Inspect static assets: The static/luna_logo_b64.txt is a large base64 blob. Open it and verify it is actually an image/logo and not hidden data or scripts.
  • Review delivery and source adapters: If you plan to use Eastmoney/Xueqiu adapters, confirm whether those adapters scrape pages or require credentials; scraping can break and sometimes involve more network surface. Also review rate limiting and error handling.
  • Run in a safe test environment first: Execute the package locally with dummy config.local.yaml (no real secrets) to observe behavior, then enable credentials stepwise.
If you want, I can: (a) highlight lines in specific files that reference environment variables and external endpoints, (b) list functions that perform network calls or write to disk, or (c) extract and summarize the sender.py and llm.py behaviors in more detail.

Like a lobster shell, security has layers — review code before you run it.

Current version: v4.0.0

SKILL.md

🦞 LunaClaw Brief — OpenClaw Skill

Pluggable AI-Powered Report Engine

Overview

LunaClaw Brief is an OpenClaw Skill that generates intelligent reports across multiple domains. It features a plugin architecture with an 8-stage pipeline, 8 data sources, 7 editor strategies, hybrid intent routing, streaming output, and multi-channel delivery.

Presets

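| Preset | Type | Description |
| --- | --- | --- |
| ai_cv_weekly | Tech | In-depth weekly report on AI/CV/multimodal technology |
| ai_daily | Tech | AI technology daily |
| finance_weekly | Finance | Finance and investment weekly |
| finance_daily | Finance | Finance news flash daily |
| stock_a_daily | Stock | A-share daily (broad market / sectors / northbound capital / IPO / unusual movements) |
| stock_hk_daily | Stock | Hong Kong stock daily (Hang Seng / southbound capital / Chinese concept stocks / IPO) |
| stock_us_daily | Stock | US stock daily (S&P / NASDAQ / tech giants / IPO) |
| Custom | Any | via --create-preset natural language |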

Data Sources

| Source | Coverage |
| --- | --- |
| github | Open-source projects + competitor discovery |
| arxiv | Academic papers |
| hackernews | Tech community discussions |
| paperswithcode | ML papers with code |
| finnews | Financial news (HN + BBC/NYT RSS) |
| yahoo_finance | Yahoo Finance RSS + market indices |
| eastmoney | Eastmoney (A-share news, IPO calendar) |
| xueqiu | Xueqiu (hot stocks, sentiment) |

Usage

Via CLI

```bash
python run.py                                    # AI/CV Weekly (default)
python run.py --preset stock_a_daily             # A-share daily
python run.py --hint "今天A股怎么样"               # Auto-route → stock_a_daily
python run.py --hint "帮我看看腾讯和阿里"          # LLM auto-route
python run.py --preset ai_cv_weekly --email      # Generate + email
python run.py --create-preset "我是新能源基金经理"  # Create custom preset
python -m brief.scheduler                        # Run scheduled jobs
```

Via OpenClaw Skill API

```python
from run import generate_report

result = generate_report({
    "preset": "stock_hk_daily",
    "hint": "重点关注腾讯和美团",
    "send_email": True,
})
```

Trigger Phrases

  • "生成周报" / "生成日报" / "generate weekly/daily"
  • "生成金融周报/日报" / "generate finance report"
  • "生成A股/港股/美股日报" / "generate A-share/HK/US brief"

Key Capabilities

  • Hybrid Intent Router: Regex (instant) + LLM classification (fallback) for preset routing
  • Unified Markdown Schema: `## Section` / `### N. Item` / `**Label**:` / `**🦞 Claw**:` structure
  • Streaming Output: pipeline.run_stream() yields progress events + content chunks
  • Multi-Channel Delivery: Email (SMTP), Webhook (Slack/DingTalk/Feishu/custom)
  • Cron Scheduler: Auto-generate reports on schedule with multi-channel push
  • Custom Presets: Create domain-specific presets via natural language
  • Quality Control: Auto-check structure/word count, retry if below threshold
  • Historical Dedup: Content fingerprinting with configurable time window

Architecture

| Pattern | Where |
| --- | --- |
| Adapter | BaseSource → 8 source adapters |
| Strategy | BaseEditor → 7 editor strategies |
| Pipeline | 8-stage ReportPipeline (sync + stream) |
| Registry | @register_source / @register_editor decorators |
| Observer | MiddlewareChain for timing, metrics, custom hooks |
| Factory | create_sources() / create_editor() |
| Cache | FileCache with TTL for API responses |

Configuration

Global config in config.yaml. Secrets in config.local.yaml (gitignored).

```yaml
# config.local.yaml (not committed)
llm:
  api_key: "your-key"
```

Auto-detects OpenClaw environment (OPENCLAW_API_KEY / OPENCLAW_BASE_URL) — no manual LLM config needed when running as an OpenClaw skill.
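
The scan above reports that the skill metadata declares no required environment variables while the code reads several. The following is an added example, not part of the skill or of the scanner, showing one way to check that kind of mismatch statically before supplying any key. The sample source is constructed (it is not the real brief/llm.py), and the function names are hypothetical.

```python
import ast

# Constructed sample standing in for a module such as brief/llm.py.
# It is NOT the skill's real source; only the variable names come from the page.
SAMPLE_SOURCE = '''
import os

def load_llm_settings():
    key = os.environ.get("OPENCLAW_API_KEY") or os.getenv("OPENCLAW_TOKEN")
    if not key:
        key = os.environ["BAILIAN_API_KEY"]
    return key, os.getenv("OPENCLAW_BASE_URL", "")
'''

def _is_os_attr(node, attr):
    """True for the expression os.<attr> (e.g. os.environ, os.getenv)."""
    return (isinstance(node, ast.Attribute) and node.attr == attr
            and isinstance(node.value, ast.Name) and node.value.id == "os")

def _str_literal(node):
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    return None  # dynamic names cannot be resolved statically

def env_vars_read(source):
    """Literal env var names read via os.getenv / os.environ.get / os.environ[...]."""
    found = set()
    for node in ast.walk(ast.parse(source)):
        name = None
        if isinstance(node, ast.Call) and node.args:
            func = node.func
            is_get = (isinstance(func, ast.Attribute) and func.attr == "get"
                      and _is_os_attr(func.value, "environ"))
            if _is_os_attr(func, "getenv") or is_get:
                name = _str_literal(node.args[0])
        elif isinstance(node, ast.Subscript) and _is_os_attr(node.value, "environ"):
            name = _str_literal(node.slice)  # Python 3.9+ AST layout
        if name:
            found.add(name)
    return found

def undeclared_env_vars(source, declared):
    """Env vars the code reads that the skill metadata does not declare."""
    return sorted(env_vars_read(source) - set(declared))

if __name__ == "__main__":
    # The page says the metadata declares no required env vars, hence [].
    print(undeclared_env_vars(SAMPLE_SOURCE, declared=[]))
```

The check only sees literal names accessed through the `os` module; aliased imports (`from os import environ`) and values loaded from config.local.yaml need a separate review.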

Output

  • HTML: Self-contained dark-theme report with embedded Luna logo
  • Markdown: Raw LLM output
  • PDF: Via WeasyPrint (optional)
  • Email: HTML body + PDF attachment
  • Webhook: Slack/DingTalk/Feishu/custom HTTP POST

Built by llx & Luna 🐱 — where the claw meets the code. 🦞

Files

48 total