daily-digest-ai

v1.0.0

Fetches RSS feeds from 92 top Hacker News blogs (curated by Karpathy) plus 3 Chinese tech media (36氪, 少数派, InfoQ中文), uses AI to score and filter articles, an...

⭐ 0· 55·0 current·0 all-time

by@richball876

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for richball876/daily-digest-ai.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "daily-digest-ai" (richball876/daily-digest-ai) from ClawHub.
Skill page: https://clawhub.ai/richball876/daily-digest-ai
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: npx
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install daily-digest-ai

ClawHub CLI

Package manager switcher

npx clawhub@latest install daily-digest-ai

Security Scan

Capability signals

Requires sensitive credentials

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The name/description (RSS -> AI digest) matches the included code and instructions: the script fetches ~95 RSS feeds and calls an AI provider to score/summarize. However the registry metadata says 'Required env vars: none' and 'Primary credential: none' while SKILL.md/README and the script clearly require an OpenAI-compatible API key (OPENAI_API_KEY) and optionally GEMINI_API_KEY. That metadata omission is an incoherence and should have been declared.

Instruction Scope

Runtime instructions explicitly ask the agent to prompt the user for an OpenAI-compatible key (and optionally Gemini), export those env vars, run npx -y bun to execute the included script, and persist configuration including API keys to ~/.hn-daily-digest/config.json using the Write tool. Collecting and saving API keys to disk is sensitive behavior and is outside a 'read-only' digest operation — it grants the skill persistent access to a user's credentials. The instructions otherwise stay within the stated digest purpose and do not request unrelated system files.

ℹ

Install Mechanism

There is no formal install spec (instruction-only + provided TypeScript file). Execution relies on 'npx -y bun' which will fetch/run the Bun runtime at runtime. Running npx to pull a runtime is expected for this script but introduces network-downloaded tooling execution (moderate risk). The script itself is bundled in the skill (no opaque external download URLs), which reduces but does not eliminate install risk.

Credentials

Requiring an AI provider key (OPENAI_API_KEY) and optional GEMINI_API_KEY is proportionate to an AI-driven digest. However the registry metadata did not declare these env vars. The skill will persist keys in a plaintext JSON config (~/.hn-daily-digest/config.json) unless you decline — that gives long-lived local storage of sensitive secrets. The README also suggests multiple provider options (DeepSeek, Groq, Anthropic) and instructs how to swap providers; exposing or storing different provider keys increases the attack surface.

ℹ

Persistence & Privilege

The skill does persist a config file under the user's home (~/.hn-daily-digest/config.json) to remember API keys and preferences. 'always' is false and the skill does not request elevated system-wide privileges. Persisting API keys locally is functional but sensitive; the skill uses the Write tool to save the file rather than modifying other skills or system configs.

What to consider before installing

Before installing or running this skill: (1) Be aware it requires an OpenAI-compatible API key (OPENAI_API_KEY) and may use GEMINI_API_KEY as fallback — the registry metadata failed to list these. (2) The skill will offer to save API keys and preferences to ~/.hn-daily-digest/config.json in plaintext; if you prefer not to persist secrets, provide a short-lived key or set the env var for a single run and decline saving. (3) Running the skill uses 'npx -y bun' which downloads/runs the Bun runtime — only run if you trust the skill source and your network. (4) If you are privacy-conscious, review scripts/digest.ts locally (it is included) to confirm endpoints and behavior, and consider running it in an isolated environment or with an API key that has limited scope/quota. (5) The metadata mismatch (missing declared env vars) is a quality/consistency issue — ask the publisher to correct the registry manifest before broad use.

✗

scripts/digest.ts:1053

Environment variable access combined with network send.

Patterns worth reviewing

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

OSmacOS · Linux · Windows

Binsnpx

latestvk974cgb3y37t3pq13wdyc8acx985g33v

55downloads

0stars

1versions

Updated 3d ago

v1.0.0

MIT-0

macOS, Linux, Windows

AI Daily Digest

从 Karpathy 推荐的 92 个热门技术博客及国内科技媒体（36氪、少数派、InfoQ中文）中抓取最新文章，通过 AI 评分筛选，生成每日精选摘要。

When to Use

Use this skill when the user wants to:

Get a daily tech news digest from top Hacker News blogs
Summarize recent tech blog articles with AI scoring
Generate a structured Markdown report from RSS feeds
Run /digest command

When NOT to Use

Do not use this skill when:

The user wants real-time news from APIs (use web search instead)
The topic is non-tech (this skill only covers tech blogs)
The user wants to search a specific website (use web search tools)

Quick Start

One-command run (with saved config)

npx -y bun {baseDir}/scripts/digest.ts --hours 48 --top-n 15 --lang zh

The script auto-generates the output file as ./digest-YYYYMMDD.md in the current directory. Use --output <path> to customize.

With environment variables (first run)

export OPENAI_API_KEY="<your-openai-compatible-key>"
export OPENAI_API_BASE="https://api.deepseek.com/v1"  # Optional, default: https://api.openai.com/v1
export OPENAI_MODEL="deepseek-chat"                  # Optional, auto-detected if omitted
# Optional fallback:
export GEMINI_API_KEY="<your-gemini-api-key>"

npx -y bun {baseDir}/scripts/digest.ts --hours 48 --top-n 15 --lang zh

Script Reference

Script	Purpose
`{baseDir}/scripts/digest.ts`	Main script — RSS fetching, AI scoring, digest generation

All scripts are located in the scripts/ subdirectory of this skill. Use {baseDir} to reference the skill's root directory.

Parameters

Flag	Default	Description
`--hours`	`48`	Time range in hours (24, 48, 72, 168)
`--top-n`	`15`	Number of top articles to include (10, 15, 20)
`--lang`	`zh`	Output language: `zh` (Chinese) or `en` (English)
`--output`	`./digest-YYYYMMDD.md`	Output file path for the generated Markdown report (auto-generated if omitted)

Environment Variables

Variable	Required	Description
`OPENAI_API_KEY`	Yes (one of the two)	OpenAI-compatible API key — primary provider (supports DeepSeek, 通义千问, 智谱, etc.)
`GEMINI_API_KEY`	No	Google Gemini API key — used as fallback when OpenAI fails. Get a free key at https://aistudio.google.com/apikey
`OPENAI_API_BASE`	No	Custom API base URL (defaults to `https://api.openai.com/v1`)
`OPENAI_MODEL`	No	Model name for OpenAI-compatible API (auto-detected from API base if omitted)

AI provider selection: The script uses OPENAI_API_KEY as the primary provider. If it fails (quota exceeded, network error), the script automatically falls back to Gemini (GEMINI_API_KEY). If only GEMINI_API_KEY is set (no OpenAI key), the script uses Gemini directly.

Using domestic (Chinese) AI providers

Set only OPENAI_API_KEY + OPENAI_API_BASE (do NOT set GEMINI_API_KEY):

Provider	`OPENAI_API_BASE`	`OPENAI_MODEL`
DeepSeek	`https://api.deepseek.com/v1`	`deepseek-chat`
通义千问	`https://dashscope.aliyuncs.com/compatible-mode/v1`	`qwen-plus`
智谱 GLM	`https://open.bigmodel.cn/api/paas/v4`	`glm-4-flash`
Groq	`https://api.groq.com/openai/v1`	`llama-3.3-70b-versatile`

OPENAI_MODEL is auto-detected from the API base URL. For DeepSeek it defaults to deepseek-chat; for others it defaults to gpt-4o-mini. Override with OPENAI_MODEL if needed.

Configuration Persistence

Config file path: ~/.hn-daily-digest/config.json

Before running, check if this file exists:

cat ~/.hn-daily-digest/config.json 2>/dev/null || echo "NO_CONFIG"

If config exists and has a geminiApiKey, ask the user whether to reuse saved settings. After a successful run, save the current configuration using the Write tool to ~/.hn-daily-digest/config.json with the following content:

{
  "geminiApiKey": "<key>",
  "timeRange": <hours>,
  "topN": <topN>,
  "language": "<zh|en>",
  "lastUsed": "<ISO timestamp>"
}

Use the Write tool (not Bash) to save the config file for cross-platform compatibility.

Interactive Flow

Step 0: Check saved config

cat ~/.hn-daily-digest/config.json 2>/dev/null || echo "NO_CONFIG"

If config exists with geminiApiKey, ask user:

"Use saved config?" — If yes, skip to Step 2 with saved parameters
"Reconfigure" — Continue to Step 1

Step 1: Collect parameters

Ask the user the following questions using AskUserQuestion:

Time range: 24h / 48h (recommended) / 72h / 7 days
Top N articles: 10 / 15 (recommended) / 20
Output language: Chinese (recommended) / English

Step 1b: API Key

If no saved openaiApiKey exists, ask the user for an OpenAI-compatible API Key (e.g. DeepSeek, OpenAI). Optionally ask for GEMINI_API_KEY as fallback.

Step 2: Execute

export OPENAI_API_KEY="<key>"
export OPENAI_API_BASE="https://api.deepseek.com/v1"
export OPENAI_MODEL="deepseek-chat"
# Optional fallback:
export GEMINI_API_KEY="<fallback-key>"

npx -y bun {baseDir}/scripts/digest.ts \
  --hours <timeRange> \
  --top-n <topN> \
  --lang <zh|en>

The output file is auto-generated as ./digest-YYYYMMDD.md. To specify a custom path, add --output <path>.

Step 3: Present results

On success:

Show the output file path
Show summary: feeds scanned, articles fetched, articles selected
Show Top 3 preview: Chinese title + one-line summary

Report structure (in the generated Markdown file):

Today's Highlights — 3-5 sentence macro trend summary by AI
Must-Read Top 3 — Bilingual titles, summaries, recommendations, keyword tags
Data Overview — Statistics table + Mermaid category pie chart + keyword bar chart + ASCII chart + tag cloud
Categorized Articles — Grouped by 6 categories (AI/ML, Security, Engineering, Tools/Open Source, Opinions, Other)

On failure:

Display error message
Common issues: invalid API key, network problems, RSS source unavailable

Requirements

npx (comes with Node.js) — used to run bun runtime automatically
bun runtime (auto-installed via npx -y bun)
At least one AI API key (OPENAI_API_KEY or GEMINI_API_KEY)
Network access (for RSS feeds and AI API)

Troubleshooting

"OPENAI_API_KEY not set"

Provide an OpenAI-compatible API Key (e.g. DeepSeek, OpenAI). Optionally set OPENAI_API_BASE for custom endpoints.

"OpenAI API request failed"

The script automatically falls back to Gemini. Make sure GEMINI_API_KEY is set.

"Failed to fetch N feeds"

Some RSS sources may be temporarily unavailable. The script skips failed sources and continues.

"No articles found in time range"

Try expanding the time range (e.g., from 24 hours to 48 hours).

Comments

Loading comments...