ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

GitHub AI Daily Report

v1.0.0

Daily AI digest skill. Fetches trending GitHub AI/LLM/agent projects and Hacker News discussions, formats a structured report with value analysis, sends it t...

0· 0·0 current·0 all-time
by@ssyvonne
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (daily AI digest from GitHub/HN, delivered to Feishu and prepended to a doc) align with the SKILL.md steps. The operations (search, format, message, insert into a doc) are coherent with the stated purpose.
Instruction Scope
Instructions are explicit about using web_search to find projects and then using a Feishu messaging and feishu_doc workflow to deliver and prepend the report. The instructions do not ask the agent to read local files or unrelated credentials. They do instruct an agent-level sequence with specific API calls (list_blocks, insert) which require authenticated access to a Feishu account.
Install Mechanism
This is an instruction-only skill with no install spec or code files, so it does not write binaries or download code. That lowers install-time risk.
!
Credentials
The SKILL.md explicitly requires sensitive values (Feishu open_id and document tokens) but the registry metadata declares no required env vars or primary credential. That mismatch means the skill needs secrets at runtime which are not advertised in its metadata — a transparency and security concern. The required Feishu tokens grant write access to user docs/messages and should be treated as sensitive and minimized (scoped service account recommended).
Persistence & Privilege
always is false and the skill does not request persistent system presence or attempt to modify other skills or global agent settings. Autonomous invocation is allowed (platform default) but not excessive here.
What to consider before installing
This skill appears to do what it says (collect trending AI projects and post a formatted report to Feishu), but it asks you to provide Feishu credentials/tokens in the instructions while the registry metadata does not declare those secrets. Before installing or enabling: 1) Confirm what credentials the agent/platform will actually use for Feishu (prefer a dedicated, least-privilege service account/token). 2) Require that the skill's metadata include the required env vars (open_id and doc tokens) so you can see what will be requested up front. 3) Verify the Feishu token scopes — allow only messaging and doc-editing for the digest docs, not full account access. 4) Test with a throwaway Feishu account or limited-permission tokens to confirm the insert/list behavior. 5) If you need stronger assurance, request the publisher to declare required env vars in the skill metadata and to provide a privacy/access note explaining how tokens are used and stored. The owner id is opaque; treat it as unverified unless you can confirm the publisher's identity.

Like a lobster shell, security has layers — review code before you run it.

latestvk978kfzh117a9dzrma0d5gsxp98440h2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

AI Daily Report Skill

Fetch trending AI/LLM projects from GitHub and HN, format a structured daily digest, deliver it via Feishu message, and prepend to a Feishu doc (newest-first order).

Configuration

Before first use, replace these placeholders in the steps below:

PlaceholderWhat to fill in
YOUR_FEISHU_USER_OPEN_IDYour Feishu open_id (starts with ou_)
YOUR_DAILY_DOC_TOKENFeishu doc token for your daily digest archive
YOUR_BACKLOG_DOC_TOKENFeishu doc token for your project backlog/TODO list (optional)

Step 1 — Fetch Content

Use web_search to find today's trending AI projects. Do not fetch github.com/trending directly (blocked).

Recommended searches:

  • "github trending AI agent LLM today"
  • "github trending python AI machine learning today"
  • "hacker news AI tools today"

Filter criteria: AI Agent / LLM / automation tooling. Prioritize projects with clear practical value.

Step 2 — Format the Report

For each selected project, include all four fields — no one-liners:

  • What it is: One sentence on the problem it solves
  • Pain point: What was the old approach, what does this improve
  • Value: Concrete use case for you or your team
  • Follow-up: Effort level (low/medium/high), worth tracking?

Report structure:

# YYYY-MM-DD GitHub AI Hot List

## 🔥 Top 3 Today
[project entries]

## 🤖 Most Relevant for AI Agents
[project entries]

## 📋 Recommended Quick Start
Pick 1 low-effort, high-value project. Explain why in 2–3 sentences.

---

Step 3 — Send & Archive

3a — Send via Feishu

message tool:
  channel: feishu
  target: user:YOUR_FEISHU_USER_OPEN_ID
  message: <full report>

3b — Prepend to Feishu document (newest-first)

⚠️ Never use feishu_doc append — it adds to the bottom.

Steps:

  1. feishu_doc list_blocks with doc_token: YOUR_DAILY_DOC_TOKEN
  2. Find the Page block (type=Page), note its block_id as PAGE_ID
  3. feishu_doc insert with:
    • parent_block_id = PAGE_ID
    • index = 0
    • Content: today's full report in Markdown
  4. Title format: # YYYY-MM-DD GitHub AI Hot List
  5. End with a --- divider

3c — Log to backlog (optional)

If any project is worth tracking, append to your backlog doc:

  • doc_token: YOUR_BACKLOG_DOC_TOKEN, section 📥 Backlog
  • Format: - 🔲 **ProjectName** \dimension` `priority` `source: GitHub YYYY-MM-DD` — one-line value summary`

Step 4 — Summary

After completing all steps, output:

  • Number of projects covered
  • Archive status (inserted at position #1 in doc)
  • Recommended quick-start project

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…