概述

Security News Subscription Skill v1.0

金融行业安全资讯自动采集、评分、交叉验证、MD 报告生成系统。

1. Skill Scope

Core: Financial industry (bank/insurance/securities/asset/payment) news collection pipeline.

Abilities: Info collection | Quality scoring (100pt + 6-cat + source rating + cross-verify) | MD report generation

Boundaries: NOT responsible for content creation, deep analysis, policy interpretation

2. Trigger Scenarios

Scenario	Trigger	Note
:----	--------	------
Daily report	"daily news"	Generate daily financial security news
Weekly report	"weekly report"	Summarize last week news
Monthly report	"monthly report"	Summarize this month news
Source update	"subscribe XX"	Manage news sources

3. Classification System

Priority: Enforcement(5) > AI Finance(4) >= AI Security(4) > Security Tech(3) > National Standards(2) > Industry(1)

Important: Security tech判断优先于National standards

Category	Weight	Content	Keywords	Authority Source
:-----	:----:	---------	-----------	----------
Enforcement	5	Bank/securities penalty, AML violation	penalty/fine/rectification/warning letter/administrative penalty	nfra.gov.cn, csrc.gov.cn
AI Finance	4	LLM, intelligent investment, smart risk control	LLM, intelligent investment, smart risk control, digital employee	36kr, Xinhua, THF
AI Security	4	Prompt injection, deepfake, adversarial attack, AI supply chain	Prompt injection, deepfake, adversarial, model theft, AIGC security, AI governance	FreeBuf, SecBot
Security Tech	3	CVE, APT, ransomware, data breach, cloud security	CVE, 0day, APT, DDoS, supply chain attack, zero trust, cloud config error	SecK, FreeBuf, CNNVD
National Standards	2	GB/T, JR/T, multi-level protection, CII, cryptography	GB/T, JR/T, JR/T 0068, TC260, data security law	cfstc.pbc.gov.cn, nfra.gov.cn
Industry	1	Regulatory dynamics, rating methods, market trends	regulatory dynamics, annual report, Basel	nfra.gov.cn, pbc.gov.cn

Scoring Keywords (11 categories)

Network security | AI security | Securities standards | Banking standards | PBOC regulation

See scripts/score_news.py SECURITY_KEYWORDS and CATEGORY_BOOST_KEYWORDS

4. Source Maintenance Principles

P0: Never delete sources | P1: Disable > delete | P2: Replace > delete | P3: Build crawler > abandon

5. Execution Flow (3 Steps)

Step 1: Confirm sources
Step 2: Fetch and store
  Step 2.5: Source rating (auto) - Excellent/Good/Normal/Poor, with score multiplier
  Step 2.7: Cross-verification (auto) - Multi-source verification, VERIFIED/SINGLE/DISPUTED/UNKNOWN
Step 3: Generate MD report

Source Rating

Rating	Score	Multiplier	Threshold adjust
:-----	:----:	:--------:	:-:
Excellent	90-100	x1.15	base-10
Good	70-89	x1.05	base-5
Normal	50-69	x1.00	base
Poor	0-49	x0.85	base+15

Cross-Verification

Status	Note
:-----	------
VERIFIED	Multi-source confirmed
SINGLE	Single source, no corroboration
DISPUTED	Title similar but key info contradicts
UNKNOWN	Source unreachable or info insufficient

Rules: Score>=80 (mandatory verify) | Score 60-79 (random 30%) | Score<60 (skip)

6. Quick Commands

python3 news_digest.py --mode daily
python3 news_digest.py --mode weekly
python3 news_digest.py --mode monthly
python3 news_digest.py --mode daily --top 50 --min-score 60
python3 news_digest.py --mode daily --skip-cross-verify

7. Authority Sources

Threat Intel (14 vendors): Tencent, QAX, 360, Sangfor, Chaitin, DBAPPSecurity, Venustech, NSFOCUS, SecWiki

Financial Reg: PBC, NFRA, CSRC, CFSTC, SecRSS, Xinhua Finance

8. Version History

Ver	Date	Changes
:-----	------	------
v1.0	2026-06-01	初始版本：三步流程（确认信息源 → 采集入库 → 生成 MD 报告），纯 MD 输出。支持 74 个信息源、六分类体系、100 分评分 + 来源评级加权、交叉验证、知识库归档。

9. File Structure

news-subscription-lite/

SKILL.md (v1.0)

scripts/

news_digest.py - main entry (3-step CLI)

pipeline.py - 3-step pipeline engine

score_news.py - scoring engine

manage_sources.py - source management

discover_sources.py - WeChat source discovery

source_rating.py - source 4-level rating

cross_verify.py - cross-verification module

knowledge_manager.py - raw archive only (no wiki/IMA sync)

operation_logger.py - pipeline logging

fetch_rss.py, fetch_website.py, fetch_wechat.py,

fetch_wechat_advanced.py, fetch_wechat_mp.py,

fetch_secrss.py, fetch_finance_gov.py,

fetch_cnnvd.py, fetch_cnvd.py

references/

source_domains.json, scoring_keywords.md, security_news_format.md,

template_spec.md, setup_guide.md, version_history.md

References 按需加载指引

以下 references 文件在特定场景下需读取，避免每次加载全部：

文件	何时读取
------	------
`references/security_news_format.md`	需要了解资讯分类规则、评分字段定义时
`references/scoring_keywords.md`	调试评分异常、需要调整关键词加权时
`references/source_domains.json`	新增/修改订阅源域名、排查来源评级时
`references/setup_guide.md`	首次安装、排查环境依赖时
`references/version_history.md`	追溯版本变更、确认功能迭代时间线时
`references/template_spec.md`	修改 MD 报告模板排版时

版本历史

共 1 个版本

v1.0.0 v1.0 发版前修复（skill-optimizer 审查） P0：删除 DOCX 模板残留 assets/word_template_spec.md P0：重写 references/setup_guide.md（清除邮件/IMA 配置指引） P1：删除 scripts/__pycache__/ 构建缓存（316KB） P1：清理 .skillignore 中的冗余规则 P2：移除 pipeline.py 中残留的 wechat_search 六分类补全代码 P2：SKILL.md 新增 References 按需加载指引表 P2：requirements.txt 移除 html2image/weasyprint/openpyxl 当前

2026-06-01 23:42 安全安全

安全检测

腾讯云安全 (Keen)

安全，无风险

查看报告

腾讯云安全 (Sanbu)