Keplerjai Bulletin Publish
v1.0.0
Collect AI news, validate the stage1 JSON, publish KeplerJAI bulletins, and generate the final summary in a portable, agent-workspace-oriented way.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name, description, prompts, and Python scripts align: they collect stage‑1 news, validate JSON, publish to keplerjai.com, and format a final message. The network targets (https://www.keplerjai.com) and the environment variables mentioned in SKILL.md and in scripts (KEPLERAI_API_KEY, KEPLERJAI_BEARER_TOKEN and optional cookie vars) are coherent with a publishing workflow. However, the registry metadata declares no required environment variables while the SKILL.md and scripts explicitly expect bearer token / cookie environment keys — this metadata omission is an inconsistency that should be corrected.
Instruction Scope
SKILL.md explicitly requires the agent to perform stage1 collection itself and forbids using scripts/run_saved_pipeline.py and nested 'openclaw agent ...' calls as the standard automated route. Nevertheless, the package includes scripts/run_saved_pipeline.py, which explicitly resolves and invokes the local openclaw executable to run an agent (i.e., nested agent invocation). Having that script present is acceptable for manual debugging, but it contradicts the recommended automated workflow and could be misused (or learned) as an automated path. Also, the stage1 prompts insist that the agent write local files to a workspace; the scripts read and write files in derived workspace paths, which is expected for this skill but worth noting for the privacy and placement of outputs.
Install Mechanism
This is an instruction‑plus‑script skill with no install spec. No arbitrary remote downloads are present. The only dependency listed in requirements.txt is PyYAML, which is reasonable. Because it’s instruction-only with local scripts, risk from install-time code fetching is low.
Credentials
The scripts read bearer tokens and optional cookies from environment variables (KEPLERAI_API_KEY, KEPLERJAI_BEARER_TOKEN, KEPLERAI_COOKIE, KEPLERJAI_COOKIE) to authenticate against keplerjai.com — that is proportionate to a publish workflow. But the registry metadata did not declare these required/optional env vars; this mismatch is important because users won’t be warned that API credentials are used. Also publish_bulletins.py supports an '--insecure' flag that disables TLS verification, which is a potentially dangerous option if used inadvertently.
Persistence & Privilege
The skill is not set to 'always: true' and is user-invocable, which is normal. agents/openai.yaml sets allow_implicit_invocation: true (permitting implicit invocation), which is a typical configuration for skills but increases the need to ensure credentials and invocation constraints are correct. The skill writes outputs into a target agent workspace (skill_root.parent/<agent_workspace>/keplerjai-bulletin-publish) — expected behavior for this workflow but you should verify where files will be written on your system.
What to consider before installing
What to check before installing:
- The SKILL.md and scripts expect API credentials (KEPLERAI_API_KEY or KEPLERJAI_BEARER_TOKEN and optional cookies) but the registry metadata lists no required env vars — ask the publisher to declare these explicitly so you know what secrets will be read.
- Inspect publish_bulletins.py and confirm you trust the endpoint https://www.keplerjai.com (this skill will POST content there). If you don't trust that domain, do not provide credentials and do not run the publish step.
- Note the presence of scripts/run_saved_pipeline.py which will try to locate and run a local openclaw executable (i.e., spawn a nested agent). SKILL.md says that script is for manual debugging only — ensure any automated scheduling or learning does not execute this script, otherwise you may get nested agent runs that violate the intended single-layer workflow.
- Be cautious about the '--insecure' option in publish_bulletins.py (it disables SSL verification). Avoid using it in production.
- Confirm where outputs will be written on your machine: the scripts derive a workspace path relative to the skill location and may create files like pipeline.log, final-message.txt, publish-result.json, and stage1 JSON. If you have multiple agent workspaces, verify the target to avoid writing into an unintended directory.
- If you plan to schedule or allow implicit invocation, consider restricting the skill or ensuring the environment does not contain high-privilege credentials you don't want the skill to access.
What would change this assessment:
- If the registry metadata is updated to declare the expected environment variables and explain the intended usage of run_saved_pipeline.py (explicitly marking it as manual-only), and if the publisher documents and justifies the keplerjai.com endpoint, the remaining concerns become minor and this would likely be 'benign'.
- If additional unexpected credential names, hardcoded remote download URLs, or obfuscated network endpoints were found, the verdict would be more severe.
Like a lobster shell, security has layers — review code before you run it.
latest
KeplerJAI Bulletin Skill
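Use this skill when the goal is to complete a KeplerJAI workflow that runs from AI news collection through to bulletin publication and summary.
Design Intent
This skill is designed around a portable structure:
- The skill directory provides the prompts, scripts, and workflow rules.
- The target agent workspace stores the run artifacts.
- The final user-facing result should be a cleaned-up summary text, not an intermediate execution report.
This skill should be learnable and directly usable by OpenClaw on another machine; under normal circumstances it should not require the user to rewrite local paths by hand.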
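Division of Responsibilities
OpenClaw is responsible for:
- Reading stage1-task-prompt.txt
- Collecting qualifying AI news items
- Writing the stage1 output to the target run directory
The Python scripts are then responsible for:
- Validating the stage1 JSON
- Publishing the bulletins
- Generating the final summary
- Appending progress logs to pipeline.log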
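Execution Boundaries
This skill is intended to run as a single-layer workflow.
OpenClaw should complete stage1 collection itself within the current run.
None of the following should be treated as the default post-learning execution route:
- scripts/run_saved_pipeline.py
- Nested openclaw agent ... commands
- Background flows that launch an additional full agent just to perform stage1 collection
These routes are manual debugging aids only and must never become the standard scheduled-task approach learned from this skill.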
Run Output Layout
Run artifacts should be written to:
<agent_workspace>/keplerjai-bulletin-publish
Expected outputs include:
- stage1-output.txt
- stage1-output.normalized.json
- publish-result.json
- final-message.txt
- pipeline.log
Authentication
Preferred authentication variable:
KEPLERAI_API_KEY
Compatibility authentication variable:
KEPLERJAI_BEARER_TOKEN
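Scheduled Task Rules
If a scheduled task is created based on this skill, it should follow these rules:
- The task owner must be aligned with the target workspace.
- Paths must be derived automatically from the locally installed skill directory and the target workspace.
- The workflow must remain traceable.
- Progress must be written to pipeline.log.
- On success, return only the contents of final-message.txt.
- stage1 collection must be completed directly within the current workflow.
- Never use scripts/run_saved_pipeline.py as the post-learning scheduled-task execution path.
- Never start another openclaw agent process inside a scheduled task.
Manually rewriting paths is allowed as a fallback only when automatic path derivation truly is not possible.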
Reference Files
- README.md
- CRON_SETUP.md
- stage1-task-prompt.txt
