Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

疯信子 AI News

v1.0.0

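AI news push skill: generates high-value AI news reports according to an SOP. Automatically fetches AI hot topics from the past 24 hours and produces structured in-depth analysis.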

by 疯信子 @happyzengfen
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
[!] Purpose & Capability
The declared purpose (fetch AI news and save to Get笔记) matches what the SKILL.md and script do, but the registry metadata lists no required environment variables while both SKILL.md and scripts/generate.sh require GETNOTE_API_KEY and GETNOTE_CLIENT_ID. The script also calls other tools (ddgs, felo-x-search, web_fetch) — which is reasonable for web scraping, but the hard-coded node path for felo-x-search is brittle and unexpected.
[!] Instruction Scope
SKILL.md instructs installing ddgs and creating ~/.config/ai-news-generator/.env containing GetNote credentials, then running scripts/generate.sh. The script assembles a note from scraped content and POSTS it to an external API. Notable inconsistencies: the documentation points users to open.getnote.cn for API keys, but the script posts to https://openapi.biji.com/open/api/v1/resource/note/save (a different host). The script also references running node /path/to/felo-x-search/scripts/run_x_search.mjs (a hard-coded path that may not exist) and uses web_fetch (claimed OpenClaw builtin). These discrepancies increase the risk of unexpected data flows or misconfiguration.
Install Mechanism
This is an instruction-only skill with no packaged install spec. SKILL.md suggests 'npm i -g ddgs' which is a common public package install; there are no downloads from arbitrary URLs or archives in the package. Overall installation risk is low, but the user will install and run external binaries (ddgs, possibly node-based search) so they should verify those tools independently.
[!] Credentials
The runtime requires GETNOTE_API_KEY and GETNOTE_CLIENT_ID (used as Authorization and X-Client-ID headers when posting the note). These credentials are proportional to the stated purpose (saving notes) but they are not declared in the skill registry metadata — a metadata omission that can mislead users. The script also optionally reads AI_NEWS_LOG for log location. No unrelated credentials (AWS, etc.) are requested.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide configs. It writes temporary output files (under /tmp) and asks to store a local config file under ~/.config/ai-news-generator — these are within reasonable scope for a user-run script.
What to consider before installing
Things to check before installing or running this skill:
- Do not supply GETNOTE_API_KEY / GETNOTE_CLIENT_ID until you verify the target API: SKILL.md points to open.getnote.cn, but the script posts to openapi.biji.com. Confirm that openapi.biji.com is the legitimate API host for the Get笔记 service you intend to use.
- The registry metadata did not declare required env vars; expect to set GETNOTE_API_KEY and GETNOTE_CLIENT_ID in ~/.config/ai-news-generator/.env. This metadata omission is sloppy and worth noting.
- The script references a hard-coded path to felo-x-search (node /path/to/felo-x-search/...). That path will likely not exist; review or modify the script to point to a trusted installation, or run searches manually to see outputs first.
- Before allowing the script to POST data, run the script locally in dry-run mode: inspect the generated /tmp/ai-news-<date>.md output to confirm no sensitive information is captured, and only then allow network posting.
- If you must provide credentials, use an account/api key with minimal scope and rotate the key after testing. Consider running the script in an isolated environment (VM/container) and monitor network requests to confirm destination and content.
- If anything looks unfamiliar (domains, repo links, or third-party tools), contact the skill author or prefer a vetted alternative. If you want higher assurance, ask the maintainer to fix metadata to declare required env vars and to use consistent API endpoints and relative paths (or document exact installation locations).
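The first two checks above (destination host and undeclared environment variables) can be scripted. This is an added shell example, not part of the skill or the scan report; the sample script is constructed from the scan findings because the real scripts/generate.sh is not shown on this page, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not the skill's code. Function names and sample content are constructed.

# Hosts that appear in http(s) URLs in file $1, lower-cased, one per line.
script_hosts() {
  grep -Eo 'https?://[A-Za-z0-9.-]+' "$1" | sed -E 's#^https?://##' \
    | tr '[:upper:]' '[:lower:]' | sort -u
}

# Upper-case environment variables that file $1 expands ($NAME or ${NAME}).
script_env() {
  grep -Eo '\$\{?[A-Z][A-Z0-9_]*' "$1" | sed -E 's/^\$\{?//' | sort -u
}

# Read candidates on stdin; print those that are not among the values in "$@".
not_allowed() {
  while IFS= read -r item; do
    keep=1
    for ok in "$@"; do
      if [ "$item" = "$ok" ]; then keep=0; fi
    done
    if [ "$keep" -eq 1 ]; then printf '%s\n' "$item"; fi
  done
}

# Constructed stand-in for scripts/generate.sh, based only on the scan findings.
write_sample() {
  cat > "$1" <<'EOF'
. "$HOME/.config/ai-news-generator/.env"
log="${AI_NEWS_LOG:-/tmp/ai-news.log}"
curl -s -X POST "https://openapi.biji.com/open/api/v1/resource/note/save" \
  -H "Authorization: $GETNOTE_API_KEY" -H "X-Client-ID: $GETNOTE_CLIENT_ID" \
  --data-binary @"/tmp/ai-news-$(date +%F).md" >> "$log"
EOF
}

sample=$(mktemp)
write_sample "$sample"
echo "Hosts contacted but not named in the documentation:"
script_hosts "$sample" | not_allowed open.getnote.cn
echo "Environment variables read but not declared in registry metadata:"
script_env "$sample" | not_allowed HOME
rm -f "$sample"
```

Against a real download, pass the path of the skill's script instead of the sample, and list the hosts and variables its documentation and registry metadata actually declare.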

Like a lobster shell, security has layers — review code before you run it.

latest vk97ce3c9x3863y80qh892vyak583ajw9

SKILL.md

ai-news-generator

AI news push skill: generates high-value AI news reports according to SOP v2.0


Trigger phrases

  • "生成AI资讯" (generate AI news)
  • "抓取AI资讯" (fetch AI news)
  • "AI资讯推送" (AI news push)
  • "每日AI资讯" (daily AI news)
  • "AI日报" (AI daily report)

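Description

Following the defined SOP, the skill automatically fetches the most newsworthy AI items from the past 24 hours, generates a structured report, and saves it to Get笔记.

Core workflow

  1. Targeted fetching: collect hot topics using several search tools
  2. Deep noise reduction: read the original articles in depth and filter out PR copy
  3. Formatted output: emit the result following the Markdown template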

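Search tool priority

| Priority | Tool | Purpose |
|---|---|---|
| 1 | ddgs | Web-wide search |
| 2 | felo-x-search | Twitter/X real-time |
| 3 | web_fetch | Read original article content |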

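Content dimensions (at least 1 item per category, 10 items in total)

| Dimension | Example keywords | Selection criteria |
|---|---|---|
| 🔥 Industry bombshell (行业核弹) | AI, GPT, Claude, large-model updates, big-tech strategy | First-hand commentary from foreign media or prominent figures |
| 💻 Hardcore open source / handy tools (硬核开源/神器) | GitHub trending, AI tool, chart-topping | Solves a technical pain point, with real results |
| 🧠 In-depth opinion / papers (深度观点/论文) | AI research, top conferences, industry-leader tweets | Has a core insight that can be extended into discussion |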

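Output format

Each item contains:

## [No.]. [Dimension] Title

**In one sentence**: [15 characters or fewer]

**Key information**:
> * [Technical breakthrough / feature highlight]
> * [Comparative advantage / data]
> * [Barrier to use / open-source status]

**Blogger's angle**: [interpretation entry point, topics worth discussing, points of controversy]

**Source**: [link to the original article]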

Output metadata

  • Title: [AI资讯] YYYY-MM-DD
  • Storage: Get笔记
  • Tags: AI, 资讯, 每日汇总 (AI, news, daily digest)

Environment setup

1. Install dependencies

# Install the search tool
npm install -g ddgs

# Or use pnpm
pnpm add -g ddgs

2. Configure environment variables

# Create the configuration directory
mkdir -p ~/.config/ai-news-generator

# Create the environment variable file
cat > ~/.config/ai-news-generator/.env << 'EOF'
# Get笔记 configuration
GETNOTE_API_KEY="your_getnote_api_key"
GETNOTE_CLIENT_ID="your_getnote_client_id"
EOF

# Set permissions
chmod 600 ~/.config/ai-news-generator/.env

3. Obtain the API Key

Get笔记:

  1. Visit https://open.getnote.cn/
  2. Log in and open the developer center
  3. Create an application to obtain the API Key and Client ID

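Usage examples

Command-line execution

# Run AI news generation
bash /path/to/ai-news-generator/scripts/generate.sh

Conversation trigger

Boss: Generate today's AI news
→ AI: Starting to fetch...
→ AI: Generated 10 high-value news items and saved them to Get笔记

Scheduled task

# Add to crontab
crontab -e

# Run every day at 8:00
0 8 * * * /path/to/ai-news-generator/scripts/generate.sh >> /path/to/logs/ai-news.log 2>&1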

Configuration files

keywords.json - search keywords

Location: config/keywords.json

{
  "行业核弹": [
    "AI GPT Claude 大模型 更新",
    "OpenAI Google Anthropic 战略"
  ],
  "硬核开源": [
    "GitHub trending AI 工具",
    "开源 AI 模型 本地部署"
  ],
  "深度观点": [
    "AI 趋势 报告 2026",
    "AI research 顶会"
  ]
}

Directory structure

ai-news-generator/
├── SKILL.md              # Skill definition
├── scripts/
│   └── generate.sh       # Execution script
└── config/
    └── keywords.json     # Search keywords

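Required tools

| Tool | Purpose | Installation |
|---|---|---|
| ddgs | Web-wide search | npm i -g ddgs |
| felo-x-search | Twitter search | See the corresponding skill |
| web_fetch | Read web pages | Built into OpenClaw |
| curl | HTTP requests | Ships with the system |
| python3 | JSON processing | Ships with the system |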

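FAQ

Q: The search returns no results?

A: Check that ddgs is installed correctly, and try running ddgs text -q "关键词" manually (关键词 stands for your search keyword).

Q: Saving to Get笔记 fails?

A: Confirm that the API Key and Client ID are correct and that the network can reach open.getnote.cn

Q: Too little content?

A: Adjust the search keywords in config/keywords.json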


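Version history

| Version | Date | Changes |
|---|---|---|
| 1.0.0 | 2026-03-21 | Initial version |

Author

fengxinzi_pm (疯信子 Project Director)


This skill is designed based on SOP v2.0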
