Security scan
OpenClaw
Security
Medium confidence: The skill's code, instructions, and requested resources are consistent with a podcast RSS feed manager that stores local tracking files; no unrelated credentials or install steps are requested, but a small network-redirect/time-of-check risk in the feed probe implementation should be reviewed before trusting it in sensitive environments.
Assessment recommendations
This skill appears to do what it says: fetch public RSS/Atom feeds, summarize episodes, and store minimal local tracking files. Things to consider before installing or enabling it for autonomous use:
- Review the bundled scripts (scripts/feed_probe.py) and, if possible, run them in a sandbox before giving the agent network access. The script includes several good protections (size limit, blocking DOCTYPE/ENTITY, DNS-based private-IP checks), but it performs DNS resolution once before the HTTP r...
Detailed analysis
✓ Purpose and capabilities
Name and description (subscribe, track, summarize podcasts via public RSS) match the included instructions and the feed_probe helper. No unrelated environment variables, binaries, or config paths are requested.
ℹ Instruction scope
SKILL.md restricts behavior to discovering/parsing public feeds and persisting local files under memory/podcasts; it warns against auto-subscribing and against exposing private local paths. The bundled feed_probe.py implements safe parsing, enforces size limits, and blocks private IP ranges. However, the probe resolves DNS once before fetching and does not re-check the network location after redirects: the address it validated is not necessarily the address the HTTP client later connects to, and a feed server can answer with a redirect to an internal address such as a loopback, RFC 1918, or link-local host (redirect-based SSRF / TOCTOU). SKILL.md does not explicitly require using the bundled script, so runtime behavior depends on how the agent is implemented.
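The redirect and time-of-check gap described in the recommendation and in the scope note above, shown as an added example. This is illustration code written for this review, not the skill's own code and not a copy of feed_probe.py. It demonstrates the pattern the review asks for: check every resolved address, connect to the address that was checked rather than re-resolving the hostname, and re-run the check on each redirect target instead of once up front. The hop limit, size cap, fake DNS table, and fake server responses are assumptions constructed for the demonstration; the resolver and transport are injectable so the control flow can be exercised offline.

```python
"""Hop-by-hop SSRF guard for fetching a feed URL (added example, not the skill's code)."""
import http.client
import ipaddress
import socket
import ssl
from typing import Callable, Dict, List, Tuple
from urllib.parse import urljoin, urlsplit

MAX_HOPS = 5                 # assumed limit; the skill's own limit is not stated on the page
MAX_BYTES = 5 * 1024 * 1024  # assumed size cap, same idea as the probe's size limit
REDIRECTS = {301, 302, 303, 307, 308}


class FetchError(Exception):
    pass


class BlockedDestination(FetchError):
    """The URL, or a redirect target, points at a non-public address."""


def is_public_ip(text: str) -> bool:
    ip = ipaddress.ip_address(text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped          # judge ::ffff:10.0.0.1 by the embedded IPv4 address
    # is_global is False for RFC 1918, loopback, link-local (incl. 169.254.169.254), CGNAT, TEST-NET
    return ip.is_global and not ip.is_multicast


def resolve_all(host: str) -> List[str]:
    """Every A/AAAA answer, so a mixed public/private answer set cannot slip through."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def checked_target(url: str, resolver: Callable[[str], List[str]]):
    """Parse and resolve url; return (scheme, host, pinned_ip, port, path) or raise."""
    p = urlsplit(url)
    if p.scheme not in ("http", "https") or not p.hostname:
        raise BlockedDestination(f"unsupported or malformed URL: {url!r}")
    if p.username or p.password:
        raise BlockedDestination("credentials embedded in URL")
    host = p.hostname
    try:
        addrs = [str(ipaddress.ip_address(host))]   # literal IP: nothing to resolve
    except ValueError:
        addrs = resolver(host)
    if not addrs:
        raise BlockedDestination(f"{host} did not resolve")
    non_public = [a for a in addrs if not is_public_ip(a)]
    if non_public:
        raise BlockedDestination(f"{host} resolves to non-public {non_public}")
    port = p.port or (443 if p.scheme == "https" else 80)
    path = (p.path or "/") + (f"?{p.query}" if p.query else "")
    return p.scheme, host, addrs[0], port, path


def pinned_transport(scheme: str, host: str, ip: str, port: int, path: str
                     ) -> Tuple[int, Dict[str, str], bytes]:
    """Connect to the checked ip, not to host, and never auto-follow redirects."""
    sock = socket.create_connection((ip, port), timeout=10)
    if scheme == "https":
        sock = ssl.create_default_context().wrap_socket(sock, server_hostname=host)  # SNI/cert use host
    conn_cls = http.client.HTTPSConnection if scheme == "https" else http.client.HTTPConnection
    conn = conn_cls(host, port, timeout=10)
    conn.sock = sock             # http.client reuses an already-open socket instead of re-resolving
    conn.request("GET", path, headers={"User-Agent": "feed-probe-example/0.1"})
    resp = conn.getresponse()
    body = resp.read(MAX_BYTES + 1)
    conn.close()
    return resp.status, {k.lower(): v for k, v in resp.getheaders()}, body


def fetch_feed(url: str, resolver=resolve_all, transport=pinned_transport) -> bytes:
    """Follow redirects by hand so every hop goes back through checked_target."""
    for _ in range(MAX_HOPS + 1):
        scheme, host, ip, port, path = checked_target(url, resolver)
        status, headers, body = transport(scheme, host, ip, port, path)
        if status in REDIRECTS:
            location = headers.get("location")
            if not location:
                raise FetchError("redirect without Location")
            url = urljoin(url, location)   # relative Location resolved against the current hop
            continue
        if status != 200:
            raise FetchError(f"unexpected status {status}")
        if len(body) > MAX_BYTES:
            raise FetchError("feed exceeds size limit")
        return body
    raise FetchError("too many redirects")


# Constructed DNS answers and server responses for an offline run (8.8.8.8 stands in for a public host)
_FAKE_DNS = {
    "feeds.example": ["8.8.8.8"],
    "rebind.example": ["8.8.8.8", "10.0.0.5"],   # mixed answer set must be rejected
    "corp.example": ["192.168.1.20"],
}
_FAKE_SERVER = {   # (host, path) -> (status, headers, body)
    ("feeds.example", "/rss"): (200, {}, b"<rss/>"),
    ("feeds.example", "/moved"): (302, {"location": "/rss"}, b""),
    ("feeds.example", "/evil"): (302, {"location": "http://127.0.0.1:8080/admin"}, b""),
    ("feeds.example", "/corp"): (301, {"location": "http://corp.example/"}, b""),
}


def offline_demo() -> Dict[str, str]:
    """Run the guard over the constructed table; returns the outcome per URL."""
    seen_ips = []

    def fake_transport(scheme, host, ip, port, path):
        seen_ips.append(ip)
        return _FAKE_SERVER.get((host, path), (404, {}, b""))

    outcomes = {}
    for u in ("http://feeds.example/rss", "http://feeds.example/moved", "http://feeds.example/evil",
              "http://feeds.example/corp", "http://rebind.example/rss", "http://10.0.0.5/rss"):
        try:
            outcomes[u] = fetch_feed(u, _FAKE_DNS.get, fake_transport).decode()
        except BlockedDestination as e:
            outcomes[u] = f"blocked: {e}"
    outcomes["ips_connected"] = ",".join(sorted(set(seen_ips)))
    return outcomes


if __name__ == "__main__":
    for k, v in offline_demo().items():
        print(k, "->", v)
```

In the offline run only the public address is ever handed to the transport: the redirect to 127.0.0.1, the redirect to a host that resolves to an RFC 1918 address, the mixed public/private answer set, and the literal private IP are all refused before a connection is made. The same structure is what to look for when reading feed_probe.py: the IP check must sit inside the redirect loop, and the socket must be opened to the checked address.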
✓ Install mechanism
No install spec; this is an instruction-only skill with a small bundled Python utility. Nothing is downloaded from external URLs during install and no system-wide changes are requested.
✓ Credential requirements
No environment variables, credentials, or config paths are required. The skill operates on public feeds and local workspace files only, which is proportionate to its stated function.
✓ Persistence and permissions
The always flag is false and the skill only reads/writes its own workspace files (memory/podcasts). It does not request persistent platform privileges or claim to modify other skills' configs.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest: v1.0.0 (2026/3/13)
Initial release with hardened feed probe and DD-reviewed safety controls
● Benign
Install command
Official: npx clawhub@latest install podcast-manager
Mirror: npx clawhub@latest install podcast-manager --registry https://cn.longxiaskill.com