每天定时推送倪海厦、南怀瑾等国学大师的相关内容,通过飞书发送给用户。内容包括佛学解脱、气功、周易、中医等主题。用于:用户请求每天获取精神修行相关资讯。
Security Analysis
medium confidenceThe skill's description claims automated Feishu pushes and web searches, but its files and manifest don't show the required sending/search implementation or any declared credentials—this mismatch is suspicious and needs clarification before trusting it.
The stated purpose (daily Feishu push of classical/health content) is reasonable. However, the skill declares no required credentials or config for Feishu nor any install steps. That could be fine if it relies on the agent's built-in 'message' tool, but the package itself does not implement Feishu integration, so it's unclear who/what will actually perform the sends.
SKILL.md instructs the agent to run scheduled tasks, perform 'batch_web_search' to gather content, extract useful fragments, and send via a 'message' tool to Feishu. The included Python script only selects a topic and formats a string; it does not perform web searches, scraping, or send messages. The runtime instructions therefore grant the agent broad authority (web search + message delivery) that is not reflected in the code, and the scheduling mechanism is unspecified.
No install spec (instruction-only plus a small helper script). This minimizes on-disk install risk—there is no external download or package installation declared.
The skill requests no environment variables or credentials, yet SKILL.md expects sending messages to Feishu. Sending to Feishu typically requires tokens/keys; absence of declared credentials is disproportionate unless the agent's 'message' tool provides delivery without additional config. The skill also doesn’t declare or document where web-search results come from or whether API keys are needed for the search tool.
always is false and there's no evidence the skill requests elevated or permanent presence. The skill does state it runs on scheduled triggers, but the manifest doesn't force inclusion or ask to modify other skills/configs.
Guidance
Before installing, verify these points with the skill author: (1) How are Feishu messages delivered? Ask for the exact mechanism and required credentials (e.g., FEISHU_TOKEN) and where those should be stored. (2) Confirm the scheduled trigger mechanism—who configures the cron/timer that runs this skill? (3) The included script only selects/formats a topic and prints it; ask for the code that performs web searches and sends messages, or clarify that the agent's built-in 'batch_web_search' and 'message' tools will be used. (4) If you will provide Feishu credentials, ensure they are scoped minimally and stored securely. (5) Consider testing in a safe environment/account first to confirm no unexpected messages or data exfiltration occur. The mismatches here look like an oversight or incomplete implementation rather than clearly malicious code, but you should get these clarifications before trusting it with credentials or enabling automated sends.
Latest Release
v1.0.0
- Initial release of daily-inspiration skill. - Delivers twice-daily Feishu messages with curated content from masters such as Ni Haixia and Nan Huai-Chin. - Covers themes including I Ching, Chinese medicine, Daoist philosophy, and Buddhist & meditative practice. - Prioritizes topics with configurable probabilities: cosmology, medicine, Daoist thought, and Buddhism. - Runs automatically at scheduled times—no user action required. - Messaging tailored for morning (spiritual focus) and evening (practical health focus).
Popular Skills
Published by @gabriel-zz on ClawHub
