RSS Reader
v1.0.0Monitor RSS and Atom feeds for content research. Track blogs, news sites, newsletters, and any feed source. Use when monitoring competitors, tracking industr...
⭐ 2· 3.9k·40 current·41 all-time
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description match the actual behavior: a local CLI that fetches RSS/Atom feeds, stores a local feeds.json, and prints summaries. The skill does not request unrelated credentials or binaries.
Instruction Scope
Runtime instructions (node scripts/rss.js add/check/list/remove) align with the stated purpose. However, SKILL.md references files and dependencies that don't match the shipped code: it mentions scripts/parse-feed.js and xml2js/node-fetch as dependencies and says feeds are stored at 'rss-reader/feeds.json', whereas the implemented script uses an internal parser and stores data/data.json (data/feeds.json). The SKILL.md cron example also shows an absolute /root path which is just an example but could encourage running the script as root. Also note: the CLI will fetch arbitrary URLs and follows redirects, so running it in an environment with access to internal services could enable SSRF-style access to internal endpoints — this is a functional risk inherent to fetching arbitrary feeds, not evidence of malice.
Install Mechanism
No install spec; the skill is instruction-only plus a local JS script. No external downloads or package installs are required to run the provided scripts (the code implements its own HTTP fetch and XML parsing). SKILL.md suggests 'npm install xml2js node-fetch' but the shipped script does not actually depend on them — this is a documentation inconsistency, not an installer risk.
Credentials
The skill declares no required environment variables, credentials, or config paths. The script only reads/writes a local feeds.json in the skill data directory.
Persistence & Privilege
The skill is not always-enabled and is user-invocable. It writes its own feeds.json under the skill directory (no attempt to modify other skills or global agent settings).
Assessment
This skill appears to do what it says, but review a few points before installation: (1) SKILL.md and the code disagree — the doc suggests external dependencies and a parse-feed.js that are not present; you don't need to install xml2js/node-fetch to run the included script. (2) The script fetches arbitrary URLs and follows redirects — avoid adding untrusted URLs and do not run the script as root or in an environment with sensitive internal network access (SSRF risk). (3) The data file is written to data/feeds.json inside the skill; check that location and backup or sandbox it if you care about where feed state is stored. (4) If you plan to cron it, run as a least-privileged user and update the cron path to your actual install location. If you want stronger assurance, ask the publisher for the missing parse-feed.js or an explanation for the documented dependencies and verify the full code before granting long-running or privileged execution.Like a lobster shell, security has layers — review code before you run it.
latest
RSS Reader
Monitor any RSS/Atom feed for content ideas, competitor tracking, and industry news.
Quick Start
# Add a feed
node scripts/rss.js add "https://example.com/feed.xml" --category tech
# Check all feeds
node scripts/rss.js check
# Check specific category
node scripts/rss.js check --category tech
# List feeds
node scripts/rss.js list
# Remove a feed
node scripts/rss.js remove "https://example.com/feed.xml"
Configuration
Feeds stored in rss-reader/feeds.json:
{
"feeds": [
{
"url": "https://example.com/feed.xml",
"name": "Example Blog",
"category": "tech",
"enabled": true,
"lastChecked": "2026-02-22T00:00:00Z",
"lastItemDate": "2026-02-21T12:00:00Z"
}
],
"settings": {
"maxItemsPerFeed": 10,
"maxAgeDays": 7,
"summaryEnabled": true
}
}
Use Cases
Content Research
Monitor competitor blogs, industry publications, and thought leaders:
# Add multiple feeds
node scripts/rss.js add "https://competitor.com/blog/feed" --category competitors
node scripts/rss.js add "https://techcrunch.com/feed" --category news
node scripts/rss.js add "https://news.ycombinator.com/rss" --category tech
# Get recent items as content ideas
node scripts/rss.js check --since 24h --format ideas
Newsletter Aggregation
Track newsletters and digests:
node scripts/rss.js add "https://newsletter.com/feed" --category newsletters
Keyword Monitoring
Filter items by keywords:
node scripts/rss.js check --keywords "AI,agents,automation"
Output Formats
Default (list)
[tech] Example Blog - "New Post Title" (2h ago)
https://example.com/post-1
[news] TechCrunch - "Breaking News" (4h ago)
https://techcrunch.com/article-1
Ideas (content research mode)
## Content Ideas from RSS (Last 24h)
### Tech
- **"New Post Title"** - [Example Blog]
Key points: Point 1, Point 2, Point 3
Angle: How this relates to your niche
### News
- **"Breaking News"** - [TechCrunch]
Key points: Summary of the article
Angle: Your take or response
JSON (for automation)
node scripts/rss.js check --format json
Popular Feeds by Category
Tech/AI
https://news.ycombinator.com/rss- Hacker Newshttps://www.reddit.com/r/artificial/.rss- r/artificialhttps://www.reddit.com/r/LocalLLaMA/.rss- r/LocalLLaMAhttps://openai.com/blog/rss.xml- OpenAI Blog
Marketing
https://www.reddit.com/r/Entrepreneur/.rss- r/Entrepreneurhttps://www.reddit.com/r/SaaS/.rss- r/SaaS
News
https://techcrunch.com/feed/- TechCrunchhttps://www.theverge.com/rss/index.xml- The Verge
Cron Integration
Set up daily feed checking via heartbeat or cron:
// In HEARTBEAT.md
- Check RSS feeds once daily, summarize new items worth reading
Or via cron job:
clawdbot cron add --schedule "0 8 * * *" --task "Check RSS feeds and summarize: node /root/clawd/skills/rss-reader/scripts/rss.js check --since 24h --format ideas"
Scripts
scripts/rss.js- Main CLI for feed managementscripts/parse-feed.js- Feed parser module (uses xml2js)
Dependencies
npm install xml2js node-fetch
The script will prompt for installation if dependencies are missing.
Comments
Loading comments...