读书每日推荐 (Daily Reading Recommendations)
Pass
Audited by ClawScan on May 5, 2026.
Overview
This appears to do what it claims—generate WeRead recommendation cards—but users should notice the optional installs, generated HTML handling, and recurring push option.
This skill is reasonable for generating book recommendation cards from public WeRead data. Before installing, check whether you are comfortable running the local Python helper, installing optional PNG dependencies, opening generated HTML, and enabling any daily recurring push.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
PNG generation may require additional local packages that are not pinned or declared in the install metadata.
Optional PNG generation requires installing Playwright/Chromium, but the registry shows no install spec or declared dependencies. This is purpose-aligned, but users should verify package provenance before installing.
print("[错误] 需要安装 playwright: pip install playwright && playwright install chromium")
Install optional dependencies only from trusted package sources, and consider adding an explicit, pinned install spec.
Opening a generated card from untrusted input could display unexpected content or unsafe links.
Card fields are inserted into the HTML template by raw string replacement. This is normal for rendering, but if a card JSON or scraped field were untrusted, unexpected markup, scripts, or unsafe links could be rendered when the HTML is opened.
html = html.replace("{{" + key + "}}", str(value))
Use trusted/generated card JSON only, and escape HTML plus validate URL fields before rendering or sharing cards.
If enabled, the recommendation workflow may keep running on a schedule.
The skill documents an optional recurring automation for daily recommendations. It is user-directed and purpose-aligned, but it is persistent behavior that continues after setup.
"When the user asks for a scheduled daily push of reading recommendations, create an automation (recurring)"
Only enable the recurring push when desired, confirm the schedule and delivery target, and disable it when no longer needed.
