ClawHub

WitPulse-redditnews

v1.0.7

主动式 Reddit 科技热点感知,结合当前会话上下文,以毒舌幽默风格生成科技圈热点点评。

0· 204·1 current·1 all-time
by钱与时@qianyushi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Reddit tech hot-spot monitoring + contextual commentary) align with the included scripts: fetch_reddit.py (RSS fetch), curator.py (filtering by interests), send_quote.py (formatting), and validate_subreddits.py. The listed subreddits in config.json are consistent with a tech/news focus.
Instruction Scope
SKILL.md instructs the agent to run specific local scripts under the skill folder and to use config.json; the scripts only read their own config/data files and fetch public Reddit RSS feeds. There are no instructions to read arbitrary user files, other skills' configs, or to send data to unexpected external endpoints.
Install Mechanism
There is no remote install/download; install.sh is a small, local initializer that creates a data directory and default config. No archives or network-based installers are used.
Credentials
The skill declares no required environment variables or credentials and the code only contacts reddit.com RSS endpoints with a User-Agent header. No secret access or unrelated services are requested.
Persistence & Privilege
always is false. The skill writes only to its own data directory and does not modify agent-wide configuration or other skills. Autonomous invocation is allowed (platform default) but not excessive here.
Assessment
This skill appears to do what it claims: periodically fetch Reddit RSS feeds, filter by configured subreddits/interests, and produce markdown-formatted items. Before installing: (1) confirm you trust the skill source (registry shows an owner id but no homepage); (2) inspect config.json to ensure only subreddits you want are listed; (3) run scripts/validate_subreddits.py to check connectivity; (4) be aware outputs are plain text with links to Reddit (no credentials required), so no secret exfiltration is apparent; (5) note a minor metadata mismatch (SKILL.md header v1.1.0 vs registry v1.0.7) — likely benign but worth confirming. If you want stronger safety, run the scripts in an isolated environment first.

Like a lobster shell, security has layers — review code before you run it.

latestvk973v5sbzds0kjmnq1kndynnfn82sp9e

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments