Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

newspaper-download-skill

v1.0.0

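Newspaper/magazine PDF download tool. Use CLI commands to query updates for collected publications, locate a specific issue, and get PDF download links. Queries are unauthenticated; downloads require an Import Token. Newspaper/magazine PDF download tool. Use CLI commands to query collected issues,...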

0· 65·0 current·0 all-time

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for 1787812757/newspaper-download-skill.

Install the skill "newspaper-download-skill" (1787812757/newspaper-download-skill) from ClawHub.
Skill page: https://clawhub.ai/1787812757/newspaper-download-skill
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: python3
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install newspaper-download-skill

ClawHub CLI


npx clawhub@latest install newspaper-download-skill
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name, description, required binary (python3), config.json and the script all align with a CLI tool that queries an OCR/download API (pick-read.vip). Accepting an import token and an API base is expected.
Instruction Scope [!]
SKILL.md mandates using the packaged CLI (not curl/requests) and always using --no-save, and the code indeed performs network requests to the API. However the instructions forbid direct API calls while the code itself bypasses system proxies and can disable TLS checks; this expands the runtime's network behavior beyond what a user might expect and reduces transparency.
Install Mechanism
No install spec (instruction-only with included script). That keeps risk lower than arbitrary remote installs. The repository contains a local Python script only; nothing is fetched/installed at install time.
Credentials
No required env vars are declared; the script optionally respects OCR_API_BASE and IMPORT_TOKEN which is reasonable. However the skill stores/reads an import token in config.json and returns URLs containing the token — users should recognize that sharing those URLs leaks the token. The number of credentials requested is minimal.
Persistence & Privilege [!]
always:false and no special install-time persistence. But the SKILL.md's strict 'do not save' rule contrasts with code that defines DEFAULT_OUTPUT_DIR and may be able to write files if invoked without --no-save. More critically, the code bypasses system proxies (ProxyHandler({})) and uses SSL contexts that disable certificate verification — giving the script the ability to make direct, unverified outbound network connections that can circumvent platform or network policies.
What to consider before installing
This skill is plausible for getting PDF download links, but exercise caution before installing or using it:
1) The script deliberately bypasses system proxies and disables TLS certificate checks — that can circumvent corporate/network controls and make connections vulnerable to interception. If you run this inside a managed environment, this alone is a strong reason to avoid it.
2) The tool reads an import token from config.json (or IMPORT_TOKEN env) and returns download URLs that include that token — anyone with those URLs can use your token; treat it like a secret.
3) SKILL.md insists you only run the packaged CLI; review the full get_data.py to confirm it never writes files, exfiltrates other secrets, or performs unexpected actions when run without --no-save.
4) Prefer skills with a known source/homepage and audited TLS behavior; if you need this functionality, consider implementing a small trusted client that honors system proxy settings and validates certificates, or run this script in an isolated environment after a careful code review.
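A reviewer can check a script for the two network behaviours the scan names before running it. The following static check is an added example, not part of the skill or of the scan output; `SAMPLE` is a constructed snippet that only reproduces those patterns (it is not the skill's get_data.py), and `audit_source` is a hypothetical helper name.

```python
import ast

# Constructed sample, NOT the skill's real get_data.py: it only reproduces
# the two patterns the scan report names.
SAMPLE = '''
import ssl, urllib.request
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
opener = urllib.request.build_opener(
    urllib.request.ProxyHandler({}),
    urllib.request.HTTPSHandler(context=ctx),
)
'''

def _name(node):
    """Return the trailing identifier of a Name/Attribute node, else ''."""
    if isinstance(node, ast.Attribute):
        return node.attr
    if isinstance(node, ast.Name):
        return node.id
    return ""

def audit_source(source):
    """Return sorted (line, finding) tuples for proxy-bypass and TLS-off patterns."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            fn = _name(node.func)
            # ProxyHandler({}): an empty mapping ignores system/env proxy settings
            if (fn == "ProxyHandler" and node.args
                    and isinstance(node.args[0], ast.Dict) and not node.args[0].keys):
                findings.append((node.lineno, "proxy-bypass: ProxyHandler({})"))
            if fn == "_create_unverified_context":
                findings.append((node.lineno, "tls-off: unverified SSL context"))
        elif isinstance(node, ast.Assign):
            for target in node.targets:
                attr = _name(target) if isinstance(target, ast.Attribute) else ""
                val = node.value
                if attr == "verify_mode" and _name(val) == "CERT_NONE":
                    findings.append((node.lineno, "tls-off: verify_mode = CERT_NONE"))
                if (attr == "check_hostname" and isinstance(val, ast.Constant)
                        and val.value is False):
                    findings.append((node.lineno, "tls-off: check_hostname = False"))
    return sorted(findings)

if __name__ == "__main__":
    for line, finding in audit_source(SAMPLE):
        print(f"line {line}: {finding}")
```

The check is syntactic, so it flags candidates for manual review and does not prove that a script without findings verifies certificates.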

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Bins: python3
1.0.0vk972qa5xejv5we5w4k7r2n7brh84p1krlatestvk972qa5xejv5we5w4k7r2n7brh84p1kr
65 downloads
0 stars
1 versions
Updated 2w ago
v1.0.0
MIT-0

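Newspaper/magazine PDF download tool

⚠️ Usage rules (mandatory)

  1. Call only through the CLI commands: run python3 {baseDir}/scripts/get_data.py <command>; do not write your own scripts, and do not call the API directly with curl/requests
  2. Add --no-save to every command: output is printed to the terminal as JSON and nothing is written to disk
  3. Read config.json first: before running any command, read {baseDir}/config.json and check whether import_token is configured
  4. Newspaper names may be given in Chinese, in English, or as an abbreviation: 纽约时报, NYT and The New York Times are all recognized

Step 1: Check the configuration

Read {baseDir}/config.json before every use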

{
    "api_base": "https://pick-read.vip/api",
    "import_token": "imp-xxx..."
}
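  • If import_token is empty → tell the user: please generate an import token on the pick-read.vip account page and put it in config.json
  • If import_token is filled in → run the command directly; there is no need to pass the --token parameter

Workflow A: See what was updated today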

python3 {baseDir}/scripts/get_data.py updates --no-save

Example response:

{
  "type": "recent_updates",
  "total": 12,
  "items": [
    {"issue_id": "abc123", "pub_name": "Financial Times", "issue_date": "2026-04-01", "page_count": 20},
    {"issue_id": "def456", "pub_name": "The New York Times", "issue_date": "2026-04-01", "page_count": 46}
  ]
}

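Optional parameters: --days 3 (last 3 days), --limit 5 (at most 5 items)

If total=0 today, try --days 2 to see yesterday's updates.

Workflow B: Look up a newspaper and get its download link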

python3 {baseDir}/scripts/get_data.py issue-info "纽约时报" --no-save

Example response (when config.json has a token):

{
  "type": "issue_info",
  "matched": true,
  "issue_id": "abc123",
  "pub_name": "The New York Times",
  "issue_date": "2026-04-01",
  "page_count": 46,
  "download_url": "https://pick-read.vip/api/import-pdf/abc123?token=imp-xxx"
}

Optional parameter: --issue-date 2026-03-31 (a specific date)

Give download_url directly to the user; it is the PDF download address.

Workflow C: Get download links in bulk

python3 {baseDir}/scripts/get_data.py download-links --no-save

Example response:

{
  "type": "download_links",
  "has_token": true,
  "total": 12,
  "items": [
    {"issue_id": "abc123", "pub_name": "Financial Times", "issue_date": "2026-04-01", "page_count": 20, "download_url": "https://pick-read.vip/api/import-pdf/abc123?token=imp-xxx"},
    {"issue_id": "def456", "pub_name": "The New York Times", "issue_date": "2026-04-01", "page_count": 46, "download_url": "https://pick-read.vip/api/import-pdf/def456?token=imp-xxx"}
  ]
}

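Optional parameters: --days 2 (last 2 days), --pub-name "Financial Times" (filter by publication), --limit 5

Workflow D: Combined task example

The user says "Help me download The New York Times and The Wall Street Journal":

# Step 1: get The New York Times
python3 {baseDir}/scripts/get_data.py issue-info "纽约时报" --no-save

# Step 2: get The Wall Street Journal
python3 {baseDir}/scripts/get_data.py issue-info "华尔街日报" --no-save

Extract download_url from the returned JSON and give it to the user.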

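Newspaper name mapping

| Possible user input | Matches |
| --- | --- |
| 纽约时报 / NYT | The New York Times |
| 华尔街日报 / WSJ | The Wall Street Journal |
| 金融时报 / FT | Financial Times |
| 华盛顿邮报 / wapo | The Washington Post |
| 洛杉矶时报 / LA Times | Los Angeles Times |
| 中国日报 | China Daily |
| 卫报 / Guardian | The Guardian |

Prohibited

  • ✘ Do not call the API directly with curl, wget, requests or similar
  • ✘ Do not assemble URLs yourself or write HTTP request code
  • ✘ Do not guess API endpoint paths
  • ✘ Do not make up download links
  • ✘ When a lookup fails, do not fabricate content; tell the user truthfully

Troubleshooting

| Symptom | Cause | Fix |
| --- | --- | --- |
| download_url is null | import_token in config.json is empty | Have the user generate a token at pick-read.vip |
| matched: false | The newspaper name was not matched | Try a different name, or use updates to see which publications are available |
| total: 0 | No updates for the specified date | Widen the range with --days 2 / --days 3 |
| EOF occurred in violation of protocol | System proxy/VPN interfering with TLS | The script has a built-in proxy bypass; just retry as normal |
| Command error | Network problem or server-side problem | Retry once; if it still fails, tell the user |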
