AI Intelligence Feishu Document

Pass. Audited by ClawScan on May 1, 2026.

Overview

This skill coherently generates a local AI-news Markdown digest from public RSS feeds, with only minor setup and scheduling cautions.

This appears safe for an RSS-based AI news digest. Before installing, review the feed list, install PyYAML from a trusted source, and only enable the optional daily cron schedule if you want recurring automated report generation. Treat generated article text and links as untrusted news content.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the skill will contact configured news sites and create a report file on the local system.

Why it was flagged

The script makes outbound HTTP requests to RSS feeds and writes a generated Markdown file. This is expected for the skill's purpose, but it is still a local execution and network-access behavior users should notice.

Skill content

with urllib.request.urlopen(req, timeout=30) as response: ... with open(output_path, 'w', encoding='utf-8') as f:

Recommendation

Review the RSS feed list before running, and run it only in an environment where creating local report files is acceptable.

What this means

A user may need to install PyYAML manually before the script works.

Why it was flagged

The skill documents an unpinned third-party Python dependency, while the registry metadata has no install spec. This is common for a simple script, but users should install dependencies from trusted sources.

Skill content

- PyYAML: `pip install pyyaml`

Recommendation

Install PyYAML from a trusted package index, preferably in a virtual environment, and consider pinning a known-good version.

What this means

If another agent later reads the generated report, malicious or misleading RSS content could be treated as trustworthy context.

Why it was flagged

The generated Markdown includes article titles, summaries, links, and image URLs from external RSS feeds. That retrieved content is expected for a digest, but it is untrusted third-party text.

Skill content

content += f"""### {article['title']} ... 💡 {article['summary']} ... 🔗 [阅读全文]({article['link']})

Recommendation

Treat generated news content and links as untrusted source material, not as instructions for an agent to follow.

What this means

If added to cron, the script may run every day and repeatedly fetch RSS feeds and write reports.

Why it was flagged

The skill provides a daily cron example. It is disclosed and user-directed, but it would create recurring automated activity if the user installs it.

Skill content

"schedule": "0 8 * * *", "command": "python skills/ai-news-digest/scripts/generate-ai-news.py"

Recommendation

Only add the cron job if recurring news generation is intended, and periodically review or remove the schedule if no longer needed.