Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ai Daily Brief

Parallel fetch and summarize top 10 AI news from multiple sources, delivering a structured daily brief to users via Telegram.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 30 · 1 current installs · 1 all-time installs
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
! Purpose & Capability
The stated purpose is to fetch and deliver a Telegram brief. However, the skill declares no credentials, tokens, or config paths required to send messages to Telegram (e.g., bot token, chat id). That credential requirement is expected for the described capability but is missing.
! Instruction Scope
SKILL.md explicitly instructs using a 'browser' tool and 'snapshot' to scrape pages (which is coherent with fetching news) but also instructs to 'send to warrior's Telegram' without describing how to authenticate or which account/chat id is targeted. The instructions therefore direct outbound delivery to an external endpoint with no declared auth or safeguards.
Install Mechanism
This is instruction-only (no install spec, no code files), so there is no package-download or install risk from the skill itself.
! Credentials
The skill requires zero environment variables but its runtime behavior (sending Telegram messages) normally requires secrets like TELEGRAM_BOT_TOKEN and a destination CHAT_ID. Absence of those declared variables is disproportionate and unexplained. Also the SKILL.md does not explain where snapshots/content are stored or how long fetched data persists.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent or elevated platform privileges and does not claim to modify other skills or global config.
What to consider before installing
Before installing, ask the author to clarify how Telegram delivery is authenticated: what bot token and chat id are used, and where those credentials are stored. Do not install if the skill will send messages to an account you don't control (the SKILL.md's 'warrior' recipient is ambiguous). Request that the skill declare required env vars (e.g., TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID) and document any data retention for snapshots. Because the skill scrapes external sites, confirm it respects robots/terms and rate limits. If you proceed, run it in a sandboxed agent environment, supply only the minimal necessary credentials, and review or audit the tool chain that actually performs the Telegram send.

Like a lobster shell, security has layers — review code before you run it.

Current version v1.0.0
latest vk97cvxhgqehn3zmr8h09ta28hn83xk5s

SKILL.md

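AI News Daily Brief Fetching Skill

Features

Fetches multiple AI news sources in parallel, generates a structured daily brief, and sends it to the user.

Usage

# Manual trigger
openclaw run ai-daily-brief

Sources

  1. 36Kr AI channel: https://www.36kr.com/information/AI/
  2. GeekPark AI New Wave: https://www.geekpark.net/column/304

Output format

  • Title + key point + in-depth summary (2-3 sentences)
  • Clear Markdown formatting
  • Sent to warrior's Telegram

Optimization strategy

  • Use the browser tool to fetch multiple sources in parallel
  • Use snapshot to get page content
  • Extract the TOP 10 latest news items
  • Organize into a structured brief, then send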

Files

1 total