Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Foreign Trade News Aggregator (Multi-source RSS + Translation + Feishu Push)

v2.3.3

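Automatically fetches foreign-trade news from multiple RSS sources, translates the titles to generate a Chinese Markdown report, and supports pushing updates via a Feishu bot.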


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for joewangup/trade-news-summary.

Install the skill "Foreign Trade News Aggregator (Multi-source RSS + Translation + Feishu Push)" (joewangup/trade-news-summary) from ClawHub.
Skill page: https://clawhub.ai/joewangup/trade-news-summary
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install trade-news-summary

ClawHub CLI

npx clawhub@latest install trade-news-summary

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The name/description (multi-source RSS, translation, Feishu push) aligns with the included scripts: daily-news.sh fetches RSS and calls Baidu, classify_news.py builds a Feishu card, trend_analysis.py generates weekly stats. However the registry metadata at the top claims no required env vars/binaries whereas SKILL.md and clawhub.json declare BAIDU_APPID/BAIDU_SECRET and command-line tools (curl, jq, md5sum, xmlstarlet). Also the Python scripts need Python and the 'requests' library but that dependency is not declared.
! Instruction Scope
SKILL.md instructs setting BAIDU credentials and optionally FEISHU_WEBHOOK and running the scripts — that fits the task. But trend_analysis.py will exit if FEISHU_WEBHOOK is unset (it treats the webhook as required), contradicting SKILL.md's 'optional' label. classify_news.py also attempts to POST to the webhook without checking it's non-empty. The scripts read/write files under the user's home (~/trade-news.md, ~/.openclaw/workspace/history) — expected for this use but worth noting.
Install Mechanism
This is instruction-only (no install spec), lowering install risk. But the runtime requirements are incomplete: the shell script lists system binaries (curl, jq, md5sum, xmlstarlet) yet the package manifest and SKILL.md omit Python and the Python 'requests' package required by the .py files. The absence of an explicit install step or dependency install is a usability/consistency issue.
! Credentials
Requested secrets (BAIDU_APPID, BAIDU_SECRET) are proportional to the translation feature. FEISHU_WEBHOOK is a reasonable optional integration. However there are contradictory signals: the top-level registry metadata says 'Required env vars: none', clawhub.json lists the three env vars, SKILL.md marks FEISHU_WEBHOOK optional, but trend_analysis.py treats FEISHU_WEBHOOK as required. These inconsistencies increase risk of misconfiguration and accidental leaks if users set envs expecting different behavior.
Persistence & Privilege
The skill does not request elevated privileges or 'always: true'. It writes user-visible files in the user's home directory (~/trade-news.md and ~/.openclaw/workspace/history) and will run Python scripts; this is standard for a user-level RSS aggregation tool. Nothing modifies other skills or system-wide agent settings.
What to consider before installing
This skill appears to implement what it claims, but several inconsistencies and missing runtime declarations mean you should be cautious before installing. Specifically:

  (1) the code requires BAIDU_APPID and BAIDU_SECRET (translation) and will use a FEISHU_WEBHOOK to post content — confirm you trust the webhook destination;
  (2) the package/registry metadata incorrectly lists no required env vars while the scripts do require secrets — fix or verify env settings before running;
  (3) the Python scripts require Python 3 and the 'requests' library (not declared) — install those in a controlled environment (virtualenv) first;
  (4) trend_analysis.py currently will fail unless FEISHU_WEBHOOK is set despite SKILL.md marking it optional;
  (5) the scripts write files to your home (~/trade-news.md and ~/.openclaw/workspace/history) — review and, if desired, run in an isolated account or container.

If you plan to use it, ask the author to correct the manifest (declare Python + requests, clarify FEISHU_WEBHOOK requirement) or run the scripts in a sandbox until those inconsistencies are resolved.

Like a lobster shell, security has layers — review code before you run it.

latest: vk979b9bssjfzm7y27gn5w7cdsd84zec0
159 downloads
0 stars
8 versions
Updated 1w ago
v2.3.3
MIT-0

Foreign Trade News Aggregator (Multi-source RSS + Translation + Feishu Push)

Version: 2.3.3

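Introduction

Automatically fetches foreign-trade RSS feeds (custom keywords supported), calls the Baidu Translate API to produce Chinese titles, generates a Markdown report, and can optionally push it to a Feishu group.

Features

  • Fetches multiple RSS feeds (by default, Bing News searches for foreign-trade keywords)
  • Automatically translates titles (English → Chinese, with automatic source-language detection)
  • Generates a Markdown report: ~/trade-news.md
  • Feishu bot push (optional)
  • Automatically classifies news (hats / fabrics / freight / tariffs / e-commerce / sportswear / exchange rates / international relations / compliance / industry news)
  • Generates a weekly trend report for the last 7 days (news count and share per category)

Dependencies

  • curl, jq, md5sum, xmlstarlet (must be installed)
  • Baidu Translate API (free, 1 million characters per month)
  • Feishu custom bot (optional)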

Environment variables

Variable | Required | Description
BAIDU_APPID | | Baidu Translate App ID
BAIDU_SECRET | | Baidu Translate secret key
FEISHU_WEBHOOK | | Feishu bot webhook

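Security notes

This Skill does not automatically load any external .env file. Set the secrets through environment variables or directly in crontab.

Network requirements

This Skill needs access to Bing News and the Baidu Translate API. If your runtime environment cannot reach the internet directly, configure a proxy (for example, export http_proxy=http://your-proxy:port).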

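Installation and configuration

1. Obtain a Baidu Translate API key

2. Create a Feishu bot (optional)

  • Add a "custom bot" to the Feishu group
  • Copy the Webhook URL

3. Set environment variables

Add the following to ~/.bashrc, or export the variables before running the scripts: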

export BAIDU_APPID="你的AppID"
export BAIDU_SECRET="你的密钥"
export FEISHU_WEBHOOK="你的飞书Webhook地址"
