Sec Daily Digest

Fetches latest articles from CyberSecurityRSS OPML feeds, applies AI/rule-based scoring, merges CVE and major vulnerability events, and generates a bilingual...

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 1 · 396 · 5 current installs · 5 all-time installs

byz3r0yu@zer0yu

MIT-0

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

high confidence

!

Purpose & Capability

The SKILL.md and source code clearly require AI provider credentials (OPENAI_API_KEY, GEMINI_API_KEY, ANTHROPIC_API_KEY) and optionally Twitter API keys, and write/read persistent state under ~/.sec-daily-digest. However the registry metadata lists no required env vars or credentials; that mismatch is a red flag. The code's functionality (RSS + Twitter fetching, AI scoring, full-text enrichment, archive & health state, email via gog) is coherent with the described purpose, but the absence of declared credentials in the manifest is inconsistent and unexplained. Also the skill's Source is 'unknown' and there is no homepage, which reduces provenance confidence.

ℹ

Instruction Scope

The runtime instructions and code perform network fetches (OPML updates, RSS feeds, Twitter backends, full-text HTML fetches) and call third‑party AI APIs with article content. They also create/modify files under ~/.sec-daily-digest (config.yaml, sources.yaml, health.json, archive/*.json) and may invoke the gog CLI for email delivery. These actions are expected for a digest tool, but they do persist data locally and transmit article content to external LLM APIs (which could include sensitive text). There are no instructions that read unrelated system secrets, but SKILL.md/code do access environment variables (not declared in registry).

✓

Install Mechanism

No install spec is provided (instruction-only from the registry perspective) and there are no fetched install artifacts. The package contains source code (TypeScript) and tests but no automatic network installer; risk from install mechanism is low. Note: runtime operations perform HTTP calls and write to disk when executed.

!

Credentials

The manifest claims no required env vars, but SKILL.md and code require multiple provider keys (OPENAI_API_KEY, GEMINI_API_KEY, ANTHROPIC_API_KEY) and optional Twitter credentials (TWITTERAPI_IO_KEY, X_BEARER_TOKEN). Requiring multiple unrelated provider credentials without declaring them in the registry is disproportionate and inconsistent. The skill will send article content and excerpts to whichever AI provider you configure, which is appropriate for scoring but means those provider keys should be scoped and treated as sensitive. SEC_DAILY_DIGEST_HOME controls state dir and is appropriate.

ℹ

Persistence & Privilege

The skill writes persistent state to ~/.sec-daily-digest (config, sources, health, archives, opml cache). 'always' is false (normal). Persistent storage and the ability to run on a schedule/cron are expected for this use-case, but combined with network access and API credentials it increases the blast radius if credentials are leaked or the skill is malicious. The skill does not appear to modify other skills' configs or request elevated system privileges.

What to consider before installing

What to consider before installing: - Provenance: the skill lists Source: unknown and has no homepage; prefer code from a known, verifiable repository or maintainer. - Credential exposure: despite registry metadata claiming no env vars, the SKILL.md and code require API keys (OpenAI, Gemini, Anthropic) and optionally Twitter keys. Only provide credentials you trust and limit their scope/permissions (use read-only or scoped keys where possible). - Data leakage: article full-text excerpts and prompts are sent to whichever AI provider you configure. If you will be processing any sensitive content, avoid sending it to third-party LLMs or use a local provider (Ollama) if suitable. - Persistent state: the skill creates ~/.sec-daily-digest and stores archives, health logs, and sources.yaml. If you want to sandbox it, set SEC_DAILY_DIGEST_HOME to a dedicated directory with limited access. - Testing: use --dry-run and --no-twitter first to validate behavior without making AI calls or contacting Twitter. Inspect and, if desired, run the test suite (bun test) locally before scheduling automatic runs. - Email behavior: the skill calls an external gog CLI for sending email if --email is used; that requires installing and authorizing gog separately. - If you are unsure: review the source code (providers and fetch/enrich code) yourself or ask the author for a trustworthy upstream repository; avoid supplying high-value credentials until provenance is verified.

Like a lobster shell, security has layers — review code before you run it.

Current versionv0.2.1

Download zip

latestvk9753w9z0t66s70cxrexq0m5jh82e1s7

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Sec Daily Digest

Generate a daily cybersecurity digest for researchers from CyberSecurityRSS OPML feeds and Twitter/X security KOL accounts. Trigger command: /sec-digest.

When to Use

The user asks for a daily or latest cybersecurity digest.
The user needs balanced AI + security coverage from RSS feeds.
The user wants Twitter/X KOL security updates alongside RSS content.
The task needs merged vulnerability events (CVE-first + non-CVE clustering).
The user requests provider control (openai|gemini|claude|ollama) or --dry-run.

When Not to Use

The user wants ad-hoc one-off article summaries (use direct summarization instead).
The user expects arbitrary output language switching.

Quick Start

# Basic (RSS only, no AI scoring)
bun scripts/sec-digest.ts --dry-run --output ./output/digest.md

# With AI scoring + Twitter KOLs
TWITTERAPI_IO_KEY=your-key bun scripts/sec-digest.ts \
  --provider claude --opml tiny --hours 48 --output ./output/digest.md

# Weekly mode (168h window)
bun scripts/sec-digest.ts --mode weekly --provider openai --output ./output/weekly.md

# With email delivery (requires gog)
bun scripts/sec-digest.ts --provider claude --email me@example.com --output ./output/digest.md

# With full text enrichment
bun scripts/sec-digest.ts --provider claude --enrich --output ./output/digest.md

CLI Flags Reference

Flag	Description	Default
`--provider <id>`	AI provider: `openai\|gemini\|claude\|ollama`	`openai`
`--opml <profile>`	OPML profile: `tiny\|full`	`tiny`
`--hours <n>`	Time window in hours	`48`
`--mode <daily\|weekly>`	Shortcut: daily=48h, weekly=168h	—
`--top-n <n>`	Max articles to select	`20`
`--output <path>`	Output markdown file path	`./output/sec-digest-YYYYMMDD.md`
`--dry-run`	Rule-based scoring only (no AI calls)	false
`--no-twitter`	Disable Twitter/X KOL fetching	false
`--email <addr>`	Send digest via `gog` to address	—
`--enrich`	Fetch full text for articles	false
`--help`	Show help	—

Quick Reference

Entrypoint: scripts/sec-digest.ts
Pipeline: src/pipeline/run.ts
Config root: ~/.sec-daily-digest/
Config file: ~/.sec-daily-digest/config.yaml
Sources file: ~/.sec-daily-digest/sources.yaml
Health file: ~/.sec-daily-digest/health.json
Archive dir: ~/.sec-daily-digest/archive/
OPML cache (tiny): ~/.sec-daily-digest/opml/tiny.opml
OPML cache (full): ~/.sec-daily-digest/opml/CyberSecurityRSS.opml

Required Behavior

Always perform OPML remote update check before feed parsing.
If OPML remote check fails, use local cache only when cache exists.
If remote check fails and no local cache exists, fail fast (No cached OPML available and remote update check failed.).
Provider defaults to openai; explicit --provider overrides config.
Ranking uses balanced weights (Security + AI, default 0.5/0.5).
Output sections must include AI发展, 安全动态, and 漏洞专报.
output_language exists in config, but current implementation outputs fixed bilingual-style markdown; do not assume runtime language switching.
Twitter KOL section (🔐 Security KOL Updates) appears only when tweets are fetched.
Twitter fetch is silently skipped (no crash) when no credentials are present.

Twitter/X Configuration

Twitter KOL accounts are configured in ~/.sec-daily-digest/sources.yaml (auto-created on first run with 15 default security researchers).

Default KOL List

Taviso, GossiTheDog, SwiftOnSecurity, MalwareTechBlog, briankrebs, JohnLaTwC, and 9 others.

sources.yaml Format

sources:
  - id: taviso
    type: twitter
    name: "Tavis Ormandy / Google Project Zero"
    handle: taviso
    enabled: true
    priority: true
    topics:
      - security

  # Disable a default source:
  - id: thegrugq
    enabled: false

  # Add a new custom source:
  - id: myresearcher
    type: twitter
    name: "My Researcher"
    handle: myresearcher
    enabled: true
    priority: false
    topics:
      - security

Backend Selection

Env Var Set	Backend Used
`TWITTERAPI_IO_KEY`	twitterapi.io (preferred, 5 QPS)
`X_BEARER_TOKEN` only	Official Twitter API v2 (5 concurrent)
Both	twitterapi.io
Neither	Twitter disabled (silent)
`TWITTER_API_BACKEND=official`	Force official API

Archive (Historical Dedup)

Articles seen in the past 7 days receive a −5 score penalty (not removed, just deprioritized). Archive files are stored in ~/.sec-daily-digest/archive/YYYY-MM-DD.json and automatically cleaned after 90 days.

Source Health Monitoring

Each run records fetch success/failure for every source. Sources failing >50% of checks (with ≥2 checks) appear in a ⚠️ Source Health Warnings section at the bottom of the digest. Health data lives in ~/.sec-daily-digest/health.json.

Email Delivery (gog)

The --email flag sends the digest via gogcli:

# Install (macOS)
brew install steipete/tap/gogcli
gog auth login   # one-time OAuth setup

# Send digest
bun scripts/sec-digest.ts --provider claude \
  --email me@example.com --output /tmp/digest.md

Log output:

[sec-digest] email=sent to me@example.com
# or
[sec-digest] email=failed: gog not found in PATH. Install: ...

Full Text Enrichment

--enrich fetches article full text before AI scoring (improves classification and summarization quality). Skips paywalled/social domains (Twitter, Reddit, GitHub, YouTube, NYT, Bloomberg, WSJ, FT).

cron Integration

# Daily at 07:00
0 7 * * * cd /path/to/sec-daily-digest && \
  bun scripts/sec-digest.ts --mode daily --output ~/digests/sec-$(date +\%Y\%m\%d).md \
  2>&1 | tee -a ~/.sec-daily-digest/cron.log

# Weekly on Monday at 08:00
0 8 * * 1 cd /path/to/sec-daily-digest && \
  bun scripts/sec-digest.ts --mode weekly --output ~/digests/weekly-$(date +\%Y\%m\%d).md \
  2>&1 | tee -a ~/.sec-daily-digest/cron.log

Common Mistakes

Missing API key for selected provider (OPENAI_API_KEY is required, GEMINI_API_KEY is required, ANTHROPIC_API_KEY is required).
Misreading fallback behavior: OPML fallback is cache-dependent, not unconditional.
Forgetting --dry-run when no provider credentials are available.
Expecting Twitter KOLs without setting TWITTERAPI_IO_KEY or X_BEARER_TOKEN.

Success Signals

Logs include [sec-digest] provider=..., [sec-digest] cache_fallback=true|false, [sec-digest] output=..., and [sec-digest] stats feeds=... articles=... recent=... selected=... vuln_events=... twitter_kols=....
Output markdown contains the three required sections and vulnerability references.
~/.sec-daily-digest/archive/YYYY-MM-DD.json is written after each run.
~/.sec-daily-digest/health.json is updated after each run.

More Detail

For full installation and extended usage notes, see README.md and README.zh-CN.md.

Files

71 total

Select a file

Select a file to preview.

Comments

Loading comments…