Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
News Aggregator Skill
v0.1.0
Comprehensive news aggregator that fetches, filters, and deeply analyzes real-time content from 8 major sources: Hacker News, GitHub Trending, Product Hunt, 36Kr, Tencent News, WallStreetCN, V2EX, and Weibo. Best for 'daily scans', 'tech news briefings', 'finance updates', and 'deep interpretations' of hot topics.
⭐ 0· 1.9k·1 current·1 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Scanner: OpenClaw
Verdict: Suspicious (medium confidence)
Purpose & Capability
The name/description, the SKILL.md usage examples, templates.md, README, and the Python fetchers all align: they target the listed 8 sources and provide deep-fetch, filtering, and report generation. The declared requirements (none) are consistent with a small Python utility that uses requests and BeautifulSoup (requirements.txt present). There are no unrelated requested credentials or surprising external services.
Instruction Scope
SKILL.md contains strong mandatory directives (e.g., MUST expand keywords, MUST deep-analyze every item, MUST save reports to reports/) and an interactive trigger that instructs the agent to read templates.md. The 'deep' mode explicitly downloads and extracts article text from arbitrary URLs (fetch_url_content in scripts/fetch_news.py). That behavior is expected for a deep reader, but it grants the skill the ability to issue HTTP requests to any URL discovered in news items, raising SSRF/remote-fetch risks. The pre-scan also detected unicode control characters in SKILL.md (a possible prompt-injection vector) that may attempt to influence agent behavior; this is suspicious and should be inspected.
Install Mechanism
There is no formal install spec in the registry entry (instruction-only), but the package contains runnable Python code and a requirements.txt (requests, beautifulsoup4). The README suggests cloning from a GitHub repo and pip installing — a normal but manual install flow. Because code will be executed by the agent (scripts/fetch_news.py), the absence of an automated, vetted install increases the need to inspect the code before running.
Credentials
The skill requests no environment variables, credentials, or system config paths — consistent with its purpose. The number and nature of requested resources are proportional to a news scraper/aggregator. No hidden credential access was found in the provided files.
Persistence & Privilege
always:false (normal). The skill writes generated reports to a reports/ directory in its skill folder (SKILL.md requires saving reports). Writing files in the skill directory is expected for report generation, but users should note it will create persistent artifacts. The skill does not request to modify other skills or global agent configs.
Scan Findings in Context
[unicode-control-chars] unexpected: SKILL.md contained unicode control characters that the pre-scan flagged as potential prompt-injection. This is not needed for a news-aggregator and is suspicious — inspect SKILL.md for invisible characters that could alter parsing or instructions.
What to consider before installing:
- Inspect the SKILL.md and scripts/fetch_news.py yourself (or have a trusted reviewer) — the skill contains executable Python code that makes network requests and writes reports to disk. The code is plausible for a news aggregator, but you should verify there are no hidden backdoors or obfuscated behaviors (the pre-scan found unicode control characters in SKILL.md).
- Be cautious with 'deep' mode: it fetches the full text of article URLs discovered in feeds. That allows requests to arbitrary URLs (SSRF risk). If you plan to use this skill, either disable automatic deep fetching by default or restrict it to an explicit user-approved mode.
- Run the skill in a sandbox or environment with restricted network access (no access to internal IP ranges) until you are confident. Limit concurrency/timeouts and consider a URL whitelist for deep fetching.
- Because the source/homepage is unknown, prefer obtaining the skill from a verifiable source (official repo or maintainer). If you must install, avoid giving it credentials and avoid running it on hosts that contain sensitive internal services.
- Remove or examine any invisible/unicode control characters in SKILL.md (these may be prompt-injection attempts). Also verify that templates.md and other files do not contain unexpected instructions or hard-coded endpoints.
- If you want to proceed: require explicit user confirmation before any global-scan/deep actions, and consider modifying fetch_news.py to limit which domains can be fetched and to log fetching actions for auditing.
latest · vk97bw82a531cadwcy5803vsd99804z0m
