Issue 1 — scripts/run_qa.sh lines 14–21: Multi-URL processing is broken (dead code)
When multiple URLs are passed as arguments, the script builds URL_ARGS in a loop but then ignores it and only passes $1 (the first URL) to the pipeline. All URLs after the first are silently dropped.
# Line 17-20: URL_ARGS is built but never used
for url in $URLS; do
URL_ARGS="$URL_ARGS --url $url"
done
# Line 21: only $1 is used regardless
python3 "$SCRIPT_DIR/qa_pipeline.py" --url "$1" --output "$DATA_DIR/qa_data.json"Fix: either use a temp file with --urls, or use $URL_ARGS instead of --url "$1".
Issue 2 — index.html lines 356 and 367: Broken links to memory-system.html
Two anchor tags reference memory-system.html, but that file does not exist. Only memory-system.md is present in the repo. Both links will 404.
- Line 356:
<a href="memory-system.html" style="color: #58a6ff;">查看完整指南 →</a>
- Line 367:
<a href="memory-system.html">OpenClaw 记忆系统完全指南</a>
Fix: remove these links, or generate/add memory-system.html to the repo.
Issue 3 — scripts/qa_pipeline.py line 243: Unguarded dict key access (KeyError risk)
"tweet_author": tweet_data["tweet"]["screen_name"] if tweet_data and "tweet" in tweet_data else "",
tweet_data["tweet"]["screen_name"] does not use .get(). If the tweet fetcher returns a dict without screen_name, this raises KeyError and crashes the pipeline. All other accesses in the same function use .get() defensively (lines 194–197).
Fix: tweet_data["tweet"].get("screen_name", "").
Issue 4 — scripts/qa_pipeline.py line 87: Double @ in MiniMax classification prompt
r['author'] is already stored with a leading @ (set at monitor_replies.py:132 as f"@{m.group(1)}"). The prompt formatting adds another @:
texts.append(f"{i+1}. @{r['author']}: {r['text']}")
# Produces: "1. @@username: ..."This sends malformed text to the AI classifier. Fix: remove the extra @ prefix in the f-string.
Issue 5 — feeds/subscribers.json line 16: Webhook URL is HTTP, not HTTPS
"url": "http://43.163.91.147:9378/teahouse-feed"
Webhook payloads (containing comment content and GitHub URLs) are sent over unencrypted HTTP. An attacker on the network path can read or tamper with these payloads. Fix: use HTTPS if the subscriber server supports it.
Issue 1 —
scripts/run_qa.shlines 14–21: Multi-URL processing is broken (dead code)When multiple URLs are passed as arguments, the script builds
URL_ARGSin a loop but then ignores it and only passes$1(the first URL) to the pipeline. All URLs after the first are silently dropped.Fix: either use a temp file with
--urls, or use$URL_ARGSinstead of--url "$1".Issue 2 —
index.htmllines 356 and 367: Broken links tomemory-system.htmlTwo anchor tags reference
memory-system.html, but that file does not exist. Onlymemory-system.mdis present in the repo. Both links will 404.<a href="memory-system.html" style="color: #58a6ff;">查看完整指南 →</a><a href="memory-system.html">OpenClaw 记忆系统完全指南</a>Fix: remove these links, or generate/add
memory-system.htmlto the repo.Issue 3 —
scripts/qa_pipeline.pyline 243: Unguarded dict key access (KeyErrorrisk)tweet_data["tweet"]["screen_name"]does not use.get(). If the tweet fetcher returns a dict withoutscreen_name, this raisesKeyErrorand crashes the pipeline. All other accesses in the same function use.get()defensively (lines 194–197).Fix:
tweet_data["tweet"].get("screen_name", "").Issue 4 —
scripts/qa_pipeline.pyline 87: Double@in MiniMax classification promptr['author']is already stored with a leading@(set atmonitor_replies.py:132asf"@{m.group(1)}"). The prompt formatting adds another@:This sends malformed text to the AI classifier. Fix: remove the extra
@prefix in the f-string.Issue 5 —
feeds/subscribers.jsonline 16: Webhook URL is HTTP, not HTTPSWebhook payloads (containing comment content and GitHub URLs) are sent over unencrypted HTTP. An attacker on the network path can read or tamper with these payloads. Fix: use HTTPS if the subscriber server supports it.