中文 EN

Scan Report

Scan New Files

Trusted — Risk Score 5/100
Last scan:2 days ago Rescan
5 /100
Smart Keepalive
定时抓取 RSS 热点并通过 OpenClaw 自动发送「保活简报 keepalive」,支持文案润色、可选作息附录及 launchd/cron 定时部署辅助
合法的 RSS 资讯聚合 + OpenClaw 消息发送工具,所有能力均已在 SKILL.md 中声明,无阴影操作或凭证收割行为。
Skill NameSmart Keepalive
Duration31.9s
Enginepi
Safe to install
可直接使用。建议定期审计外部 RSS 源的可访问性。

Findings 1 items

Severity Finding Location
Low
多个外部 RSSHub 实例依赖
使用 rsshub.liumingye.cn、rsshub.pseudoyu.com、sshub.rssforever.com 三个公共实例做 failover,属于可靠性设计而非隐蔽通信
https://rsshub.liumingye.cn / https://rsshub.pseudoyu.com / https://sshub.rssforever.com
→ 可接受。如需完全自主可控可部署私有 RSSHub
 SKILL.md:61-63, smart-keepalive.py:37-41:61
ResourceDeclaredInferredStatusEvidence
Network READ READ ✓ Aligned SKILL.md:fetch RSS from RSSHub, fetch weather API
Shell WRITE WRITE ✓ Aligned SKILL.md:执行 openclaw agent / openclaw message send;smart-keepalive.py:run_cmd() …
Filesystem WRITE WRITE ✓ Aligned SKILL.md:写入 config.json、日志;smart-keepalive.py:write_local_config()、log_file
13 findings
🔗
Medium External URL 外部 URL
https://agentskills.io/skill-creation/best-practices
SKILL.md:9
🔗
Medium External URL 外部 URL
https://rsshub.liumingye.cn
SKILL.md:61
🔗
Medium External URL 外部 URL
https://rsshub.pseudoyu.com
SKILL.md:62
🔗
Medium External URL 外部 URL
https://sshub.rssforever.com
SKILL.md:63
🔗
Medium External URL 外部 URL
https://autodev.openspeech.cn/csp/api/v2.1/weather
smart-keepalive.py:492
🔗
Medium External URL 外部 URL
https://api.bilibili.com/x/web-interface/ranking/v2
smart-keepalive.py:547
🔗
Medium External URL 外部 URL
https://www.bilibili.com/video/
smart-keepalive.py:566
🔗
Medium External URL 外部 URL
https://plink.anyfeeder.com/zaobao/realtime/china
smart-keepalive.py:601
🔗
Medium External URL 外部 URL
https://plink.anyfeeder.com/zaobao/realtime/singapore
smart-keepalive.py:605
🔗
Medium External URL 外部 URL
https://plink.anyfeeder.com/zaobao/realtime/world
smart-keepalive.py:608
🔗
Medium External URL 外部 URL
https://plink.anyfeeder.com/wsj/cn
smart-keepalive.py:611
🔗
Medium External URL 外部 URL
https://sspai.com/feed
smart-keepalive.py:617
🔗
Medium External URL 外部 URL
https://rss.huxiu.com/
smart-keepalive.py:620

File Tree

5 files · 63.8 KB · 1619 lines
Python 1f · 1380L Markdown 3f · 201L Shell 1f · 38L
├─ 📁 prompts
│ ├─ 📝 rewrite-main.md Markdown 46L · 4.9 KB
│ └─ 📝 wellness.md Markdown 6L · 408 B
├─ 📝 SKILL.md Markdown 149L · 8.3 KB
├─ 🐍 smart-keepalive.py Python 1380L · 49.2 KB
└─ 🔧 smart-keepalive.sh Shell 38L · 1.1 KB

Security Positives

✓ 文档完整:SKILL.md 详细声明了所有环境变量、能力边界和 RSS 源
✓ 职责分离清晰:prompts/ 目录存放提示词,脚本只负责拉取和发送
✓ 优雅降级:agent 不可用时有 FALLBACK_REWRITE_PROMPT 兜底
✓ 无凭证收割:代码未访问 ~/.ssh、.env 或遍历敏感环境变量
✓ 无数据外泄:所有网络请求均为拉取公开 RSS/天气,而非 POST 敏感数据
✓ subprocess 限定:仅调用 openclaw CLI,未执行任意 shell 命令