Daily Hot List

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the separate backend is installed, it may run code that was not part of the reviewed skill package.

Why it was flagged

The skill instructs users to run a deployment script for a separate DailyHotApi service. That backend script is not included in the supplied daily-hot-news file manifest, so its behavior and provenance are outside this review.

Skill content
cd /root/.openclaw/workspace/skills/daily-hot-api

# Deploy and start the service
./deploy.sh
Recommendation

Verify the DailyHotApi source and deploy.sh contents before running it, and prefer pinned, trusted dependencies.

What this means

Background services or scheduled jobs may continue to run and send messages until explicitly stopped.

Why it was flagged

The skill discloses persistent/background operation through PM2 and scheduled cron-style pushes. This is aligned with the stated scheduled-news feature, but it can keep running after the initial request.

Skill content
The DailyHotApi service is managed with PM2 to ensure stable operation. ... User: Push Bilibili trending every morning at 8:00
Skill: Set up a cron job → call /bilibili daily → push to Feishu
Recommendation

Only enable scheduled push if desired, confirm the destination, and keep clear stop/removal instructions for PM2 and any cron job.

What this means

Local history files may accumulate and reflect what platforms or topics were queried.

Why it was flagged

The skill defaults to automatically saving fetched hot-list data locally, creating persistent history for later use.

Skill content
self.data_dir: str = os.getenv("DAILY_HOT_DATA_DIR", "/root/.openclaw/workspace/skills/daily-hot-news/data")

self.auto_save: bool = os.getenv("DAILY_HOT_AUTO_SAVE", "true").lower() == "true"
Recommendation

Use DAILY_HOT_AUTO_SAVE=false if history is not wanted, or periodically clear old data with the documented cleanup command.

What this means

If enabled, selected hot-list content will be sent to a Feishu destination outside the local OpenClaw environment.

Why it was flagged

The skill advertises outbound Feishu message delivery for scheduled hot-list pushes. This is disclosed and purpose-aligned, but the provided artifacts do not show the Feishu credential or destination-scoping details.

Skill content
Scheduled push - automatically push hot lists to Feishu
Recommendation

Confirm the Feishu target and credentials before enabling push notifications, and avoid sending private notes or custom keywords unless intended.