每日毛选语录硬核推送
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill appears to do what it claims: generate a daily AI-written Markdown note and push it to Telegram, with user-provided API/chat credentials and optional scheduled automation.
Before installing, confirm you are comfortable giving this skill a DeepSeek API key and Telegram bot/chat access, test it with --test or --no-send, verify the Obsidian output directory, and only enable the cron schedule if you want daily automatic posts.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can use your DeepSeek API quota and send messages through the configured Telegram bot/chat.
The skill requires user-owned DeepSeek and Telegram credentials. This is expected for AI generation and Telegram delivery, and the shown code reads them from environment variables rather than hardcoding them.
requires:
env:
- DEEPSEEK_API_KEY
- TELEGRAM_BOT_TOKEN
- TELEGRAM_CHAT_IDUse dedicated, rotatable tokens for this skill, restrict the Telegram bot/chat where possible, and avoid storing these values in shared shell history or committed files.
Running the default command will create or overwrite that day’s Markdown file and may post the generated message to Telegram.
The default execution writes a Markdown file and sends a Telegram message. These mutations are central to the skill purpose and are paired with --no-send and --test options.
saved_files = save_files(doc_content, target_date, config["output_dir"])
...
if not args.no_send:
send_telegram(telegram_msg)Run with --test or --no-send first, and confirm MAOXUAN_OUTPUT_DIR or the configured output_dir points to the intended Obsidian folder.
If you create the cron job, the skill may continue generating and sending content every day until you disable it.
The skill documents a recurring daily cron task. This is disclosed and aligned with the daily push purpose; the artifacts do not show code that silently creates the cron job.
openclaw cron create --name "每日毛选语录推送" --schedule "0 9 * * *" --agent your-agent --task "执行每日毛选语录推送"
Only create the cron job if you want ongoing automation, and keep a record of how to list, pause, or delete the scheduled task.
Running the installer changes the local Python environment and script permissions.
The manual installer can install a Python dependency and change script permissions if the user runs it. This is not automatic and the requests dependency is bounded, but it is still a local setup action users should notice.
pip3 install "requests>=2.31.0,<3" ... chmod +x scripts/*.py
Review install.sh before running it, preferably use a virtual environment, and note that httpx may also be needed for the DeepSeek integration even though this script does not install it.