Rss Reader
v0.1.0RSS 订阅 + AI 汇总分析 + 飞书推送。 定时拉取新文章,AI 生成每日资讯汇总报告(热门话题、关键趋势、推荐阅读),推送到飞书。 当用户提到"RSS"、"订阅"、"RSS阅读器"、"文章订阅"、"资讯订阅"、"资讯汇总"时使用此 Skill。 首次使用自动添加 18 个精选订阅源(中文 + 国外 AI...
⭐ 1· 340·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (RSS subscriptions, AI summarization, Feishu push) align with the files and runtime behavior. The only requested secrets are an AI API key and an optional Feishu webhook, which are appropriate for generating summaries and posting reports.
Instruction Scope
SKILL.md and rss_reader.py stay within the declared purpose: they fetch RSS feeds, persist subscription/article lists under the skill's data directory, call an LLM endpoint to create summaries, and post to a Feishu webhook. Two things to note: SKILL.md instructs adding OPENAI_API_KEY and FEISHU_WEBHOOK_URL to the gateway config (~/.openclaw/gateway/.env) and restarting the Gateway (makes the key available to the agent environment); and the recommended cron entry contains text telling the gateway/agent to run the script and to reply 'NO_REPLY' and to not delete cron tasks — this is odd messaging but not evidence of malicious behavior.
Install Mechanism
There is no external install/download step; dependencies are standard Python packages (feedparser, requests) declared in requirements.txt. The repository includes a Python script and docs only; nothing is fetched from obscure URLs or executed during installation.
Credentials
The skill requests a single AI API key (OPENAI_API_KEY) and an optional FEISHU_WEBHOOK_URL — both directly justified by its functionality. Caution: the guidance tells users to put the API key in the gateway's global .env, which makes that credential available to the agent process and potentially to other skills that read environment variables. Consider using a dedicated/limited API key or isolating this skill if you have sensitive credentials.
Persistence & Privilege
always is false and the skill does not request system-wide privileges. It writes data only to its own skill data directory and modifies no other skills or global agent settings besides recommending an env var in the gateway .env and asking to restart the gateway (normal for configuring credentials).
Assessment
This skill appears to do what it says: it fetches RSS feeds, uses an LLM API to produce summaries, and optionally posts to a Feishu webhook. Before installing, consider: 1) Put a dedicated/limited AI API key in the environment (so a compromised key has limited impact). 2) The SKILL.md recommends placing the key in ~/.openclaw/gateway/.env — that makes the key available to the agent process and other skills; if you want isolation, run the skill in a restricted environment or avoid adding the key to a global .env. 3) Review the rss_reader.py file yourself if you have concerns (it is included and readable). 4) If you enable the cron job, verify the exact cron command and schedule; the skill recommends not deleting cron tasks, which is a policy suggestion rather than a technical requirement. If you want further review, provide the full rss_reader.py (untruncated) and I can re-check the AI-call and Feishu-posting code paths for any subtle red flags.Like a lobster shell, security has layers — review code before you run it.
latestvk974skfa3an4vaxhm2jspzqbb982ty1k
License
MIT-0
Free to use, modify, and redistribute. No attribution required.