Daily Ai Brief Skill
PassAudited by VirusTotal on May 13, 2026.
Overview
Type: OpenClaw Skill Name: daily-ai-brief-skill Version: 0.1.2 The skill is a well-structured AI news aggregator designed to collect, score, and report on industry updates from RSS feeds, Reddit, X (via Nitter), and various web sources. The implementation uses standard libraries like aiohttp, feedparser, and Playwright, and the logic is entirely consistent with the stated purpose in SKILL.md and README.md. No evidence of data exfiltration, unauthorized execution, or malicious prompt injection was found; the instructions provided for the AI agent are focused on formatting and translation tasks.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
When run, the skill may contact many news, social, API, and website sources to collect AI-related content.
The skill explicitly discloses broad external data collection from multiple public source types. This is central to the news-brief purpose, but it means running the skill will make many outbound web requests.
支持RSS、Reddit、X/Twitter、网页爬虫、API、WebSearch(搜索引擎)等多种数据源
Review and edit `src/data_sources.yaml` before use, and disable any sources or source types you do not want contacted.
Installing the skill may add Python packages and browser automation components to the local environment.
The documented setup asks the user to install Python dependencies and Playwright browser components. This is expected for a Python web-scraping tool, but it is still third-party code and browser tooling installed into the user's environment.
pip install -r requirements.txt ... playwright install
Install in a virtual environment, review `requirements.txt`, and only run the Playwright browser install if you need dynamic-page scraping.
Dynamic-source scraping may use more resources and execute website code in a headless browser session.
The web scraper launches a headless Chromium browser and loads configured webpages. This is purpose-aligned for dynamic website scraping, but those pages may execute normal website JavaScript inside the browser context.
browser = await p.chromium.launch(headless=True) ... await page.goto(self.url, wait_until="networkidle")
Keep Playwright and its browser updated, and disable `use_playwright` sources if static RSS/API sources are enough.
Generated reports may contain untrusted text from websites or social feeds.
The skill persists fetched titles, summaries, and links from external sources into Markdown/JSON reports. This is expected output, but the contents are web-derived and should not be treated as trusted instructions if later read by an agent.
报告将自动生成在 `reports/` 目录下 ... `ai_news_report_YYYYMMDD_HHMMSS.md` ... `ai_news_report_YYYYMMDD_HHMMSS.json`
Treat report content as reference material, not as instructions to an agent, and review important items at their original links.