# Send Security Daily Digest to your agent
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
## Fast path
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
## Suggested prompts
### New install

```text
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete.
```
### Upgrade existing

```text
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run.
```
## Machine-readable fields
```json
{
  "schemaVersion": "1.0",
  "item": {
    "slug": "sec-daily-digest",
    "name": "Security Daily Digest",
    "source": "tencent",
    "type": "skill",
    "category": "数据分析",
    "sourceUrl": "https://clawhub.ai/zer0yu/sec-daily-digest",
    "canonicalUrl": "https://clawhub.ai/zer0yu/sec-daily-digest",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadUrl": "/downloads/sec-daily-digest",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=sec-daily-digest",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "packageFormat": "ZIP package",
    "primaryDoc": "SKILL.md",
    "includedAssets": [
      "README.md",
      "README.zh-CN.md",
      "SKILL.md",
      "package.json",
      "references/digest-prompt.md",
      "scripts/sec-digest.ts"
    ],
    "downloadMode": "redirect",
    "sourceHealth": {
      "source": "tencent",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-23T16:43:11.935Z",
      "expiresAt": "2026-04-30T16:43:11.935Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
        "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"",
        "redirectLocation": null,
        "bodySnippet": null
      },
      "scope": "source",
      "summary": "Source download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this source.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/sec-daily-digest"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    }
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/sec-daily-digest",
    "downloadUrl": "https://openagent3.xyz/downloads/sec-daily-digest",
    "agentUrl": "https://openagent3.xyz/skills/sec-daily-digest/agent",
    "manifestUrl": "https://openagent3.xyz/skills/sec-daily-digest/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/sec-daily-digest/agent.md"
  }
}
```
## Documentation

### Sec Daily Digest

Generate a daily cybersecurity digest for researchers from CyberSecurityRSS OPML feeds and Twitter/X security KOL accounts.
Trigger command: /sec-digest.

### When to Use

The user asks for a daily or latest cybersecurity digest.
The user needs balanced AI + security coverage from RSS feeds.
The user wants Twitter/X KOL security updates alongside RSS content.
The task needs merged vulnerability events (CVE-first + non-CVE clustering).
The user requests provider control (openai|gemini|claude|ollama) or --dry-run.

### When Not to Use

The user wants ad-hoc one-off article summaries (use direct summarization instead).
The user expects arbitrary output language switching.

### Quick Start

# Basic (RSS only, no AI scoring)
bun scripts/sec-digest.ts --dry-run --output ./output/digest.md

# With AI scoring + Twitter KOLs
TWITTERAPI_IO_KEY=your-key bun scripts/sec-digest.ts \\
  --provider claude --opml tiny --hours 48 --output ./output/digest.md

# Weekly mode (168h window)
bun scripts/sec-digest.ts --mode weekly --provider openai --output ./output/weekly.md

# With email delivery (requires gog)
bun scripts/sec-digest.ts --provider claude --email me@example.com --output ./output/digest.md

# With full text enrichment
bun scripts/sec-digest.ts --provider claude --enrich --output ./output/digest.md

### CLI Flags Reference

FlagDescriptionDefault--provider <id>AI provider: openai|gemini|claude|ollamaopenai--opml <profile>OPML profile: tiny|fulltiny--hours <n>Time window in hours48--mode <daily|weekly>Shortcut: daily=48h, weekly=168h—--top-n <n>Max articles to select20--output <path>Output markdown file path./output/sec-digest-YYYYMMDD.md--dry-runRule-based scoring only (no AI calls)false--no-twitterDisable Twitter/X KOL fetchingfalse--email <addr>Send digest via gog to address—--enrichFetch full text for articlesfalse--helpShow help—

### Quick Reference

Entrypoint: scripts/sec-digest.ts
Pipeline: src/pipeline/run.ts
Config root: ~/.sec-daily-digest/
Config file: ~/.sec-daily-digest/config.yaml
Sources file: ~/.sec-daily-digest/sources.yaml
Health file: ~/.sec-daily-digest/health.json
Archive dir: ~/.sec-daily-digest/archive/
OPML cache (tiny): ~/.sec-daily-digest/opml/tiny.opml
OPML cache (full): ~/.sec-daily-digest/opml/CyberSecurityRSS.opml

### Required Behavior

Always perform OPML remote update check before feed parsing.
If OPML remote check fails, use local cache only when cache exists.
If remote check fails and no local cache exists, fail fast (No cached OPML available and remote update check failed.).
Provider defaults to openai; explicit --provider overrides config.
Ranking uses balanced weights (Security + AI, default 0.5/0.5).
Output sections must include AI发展, 安全动态, and 漏洞专报.
output_language exists in config, but current implementation outputs fixed bilingual-style markdown; do not assume runtime language switching.
Twitter KOL section (🔐 Security KOL Updates) appears only when tweets are fetched.
Twitter fetch is silently skipped (no crash) when no credentials are present.

### Twitter/X Configuration

Twitter KOL accounts are configured in ~/.sec-daily-digest/sources.yaml (auto-created on first run with 15 default security researchers).

### Default KOL List

Taviso, GossiTheDog, SwiftOnSecurity, MalwareTechBlog, briankrebs, JohnLaTwC, and 9 others.

### sources.yaml Format

sources:
  - id: taviso
    type: twitter
    name: "Tavis Ormandy / Google Project Zero"
    handle: taviso
    enabled: true
    priority: true
    topics:
      - security

  # Disable a default source:
  - id: thegrugq
    enabled: false

  # Add a new custom source:
  - id: myresearcher
    type: twitter
    name: "My Researcher"
    handle: myresearcher
    enabled: true
    priority: false
    topics:
      - security

### Backend Selection

Env Var SetBackend UsedTWITTERAPI_IO_KEYtwitterapi.io (preferred, 5 QPS)X_BEARER_TOKEN onlyOfficial Twitter API v2 (5 concurrent)Bothtwitterapi.ioNeitherTwitter disabled (silent)TWITTER_API_BACKEND=officialForce official API

### Archive (Historical Dedup)

Articles seen in the past 7 days receive a −5 score penalty (not removed, just deprioritized). Archive files are stored in ~/.sec-daily-digest/archive/YYYY-MM-DD.json and automatically cleaned after 90 days.

### Source Health Monitoring

Each run records fetch success/failure for every source. Sources failing >50% of checks (with ≥2 checks) appear in a ⚠️ Source Health Warnings section at the bottom of the digest. Health data lives in ~/.sec-daily-digest/health.json.

### Email Delivery (gog)

The --email flag sends the digest via gogcli:

# Install (macOS)
brew install steipete/tap/gogcli
gog auth login   # one-time OAuth setup

# Send digest
bun scripts/sec-digest.ts --provider claude \\
  --email me@example.com --output /tmp/digest.md

Log output:

[sec-digest] email=sent to me@example.com
# or
[sec-digest] email=failed: gog not found in PATH. Install: ...

### Full Text Enrichment

--enrich fetches article full text before AI scoring (improves classification and summarization quality). Skips paywalled/social domains (Twitter, Reddit, GitHub, YouTube, NYT, Bloomberg, WSJ, FT).

### cron Integration

# Daily at 07:00
0 7 * * * cd /path/to/sec-daily-digest && \\
  bun scripts/sec-digest.ts --mode daily --output ~/digests/sec-$(date +\\%Y\\%m\\%d).md \\
  2>&1 | tee -a ~/.sec-daily-digest/cron.log

# Weekly on Monday at 08:00
0 8 * * 1 cd /path/to/sec-daily-digest && \\
  bun scripts/sec-digest.ts --mode weekly --output ~/digests/weekly-$(date +\\%Y\\%m\\%d).md \\
  2>&1 | tee -a ~/.sec-daily-digest/cron.log

### Common Mistakes

Missing API key for selected provider (OPENAI_API_KEY is required, GEMINI_API_KEY is required, ANTHROPIC_API_KEY is required).
Misreading fallback behavior: OPML fallback is cache-dependent, not unconditional.
Forgetting --dry-run when no provider credentials are available.
Expecting Twitter KOLs without setting TWITTERAPI_IO_KEY or X_BEARER_TOKEN.

### Success Signals

Logs include [sec-digest] provider=..., [sec-digest] cache_fallback=true|false, [sec-digest] output=..., and [sec-digest] stats feeds=... articles=... recent=... selected=... vuln_events=... twitter_kols=....
Output markdown contains the three required sections and vulnerability references.
~/.sec-daily-digest/archive/YYYY-MM-DD.json is written after each run.
~/.sec-daily-digest/health.json is updated after each run.

### More Detail

For full installation and extended usage notes, see README.md and README.zh-CN.md.
## Trust
- Source: tencent
- Verification: Indexed source record
- Publisher: zer0yu
- Version: 0.2.1
## Source health
- Status: healthy
- Source download looks usable.
- Yavira can redirect you to the upstream package for this source.
- Health scope: source
- Reason: direct_download_ok
- Checked at: 2026-04-23T16:43:11.935Z
- Expires at: 2026-04-30T16:43:11.935Z
- Recommended action: Download for OpenClaw
## Links
- [Detail page](https://openagent3.xyz/skills/sec-daily-digest)
- [Send to Agent page](https://openagent3.xyz/skills/sec-daily-digest/agent)
- [JSON manifest](https://openagent3.xyz/skills/sec-daily-digest/agent.json)
- [Markdown brief](https://openagent3.xyz/skills/sec-daily-digest/agent.md)
- [Download page](https://openagent3.xyz/downloads/sec-daily-digest)