ClawHub

Exwind Monitor

v1.0.0

每10分钟监控EXWIND网站更新,检测到新内容时自动发送飞书消息提醒。

0· 70·1 current·1 all-time
by@lorexxar
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (monitor EXWIND and send Feishu messages) matches the code and SKILL.md. The script parses an agent-browser snapshot of exwind.net, tracks seen IDs in /tmp/exwind_state.json, and prints a JSON payload for the agent to send — all expected for a site-monitoring notifier.
Instruction Scope
SKILL.md instructs running the included Python script every 10 minutes and then using the agent's message tool to send the printed JSON. The script only reads/writes the documented state file and uses agent-browser to open/snapshot the site; it does not attempt to read unrelated files or exfiltrate credentials.
Install Mechanism
There is no install spec (instruction-only skill) and one included script. Nothing is downloaded from external URLs or extracted on install. The runtime behavior executes the bundled script, which is normal for an instruction-only skill that ships code.
Credentials
The skill requires no environment variables, credentials, or config paths. The script defines FEISHU_WEBHOOK and OPENCLAW_CONFIG variables but does not use any secrets or external tokens; this is proportionate to a simple notifier.
Persistence & Privilege
always is false and the skill does not request permanent/privileged presence or modify other skills. It writes a local state file (/tmp/exwind_state.json) which is appropriate for its function.
Assessment
This skill appears to do exactly what it says: every 10 minutes it uses the agent-browser to open exwind.net, takes a snapshot, parses new posts, stores seen IDs in /tmp/exwind_state.json, and prints a JSON payload that the agent should deliver as a Feishu message. Before installing, confirm you trust (1) the EXWIND site being scraped and (2) the agent/browser integration (agent-browser) because the script automates the agent-browser CLI. If you want direct webhook delivery instead of relying on the agent's message tool, note the script defines FEISHU_WEBHOOK but does not use it — you'd need to modify the script to add a webhook and provide its secret. If you have any policies about writing to /tmp or running subprocess commands, review the script source (it's included) — the script uses subprocess.run(shell=True) for fixed commands (agent-browser) but does not inject untrusted content into shell commands.

Like a lobster shell, security has layers — review code before you run it.

latestvk97begb8ehntv2j67w1f3h52z983sgqm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments