News Aggregator Skill

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A report may include older or broader items than the user strictly requested.

Why it was flagged

The skill tells the agent to expand beyond the user's exact time window when results are sparse. It also requires annotation, so this is disclosed behavior, but users should know reports may include out-of-window items.

Skill content

If the user requests a specific time window ... and the results are sparse (< 5 items) ... you MUST include high-value/high-heat items from a wider range

Recommendation

If strict filtering is needed, ask for a strict time window or strict keyword match; the skill author could add an explicit strict-mode instruction.

What this means

Installation depends on external package/source resolution, which can change over time.

Why it was flagged

The README documents remote installation and Python dependency installation even though the registry lists no install spec. This setup is normal for a Python helper, but users should verify the source and dependency file before installing.

Skill content

npx skills add https://github.com/cclank/news-aggregator-skill ... pip install -r requirements.txt

Recommendation

Install from a trusted copy, review requirements.txt, and consider pinning dependency versions in a virtual environment.

What this means

Article content could influence summaries if the agent treats embedded instructions as commands rather than source text.

Why it was flagged

Deep mode fetches and extracts text from external article pages, then returns that content for agent analysis. Public web text is untrusted context and could contain text that looks like instructions.

Skill content

response = requests.get(url, headers=HEADERS, timeout=5) ... soup.get_text(separator=' ', strip=True) ... return text[:3000]

Recommendation

Treat fetched article text as data only; do not follow instructions embedded in articles or fetched pages without separate user confirmation.

What this means

Saved reports may reveal news interests or topics the user asked about if others can access the local project directory.

Why it was flagged

The skill creates persistent local report files. This is disclosed and aligned with the reporting purpose, but users should know outputs may remain on disk.

Skill content

Always save the full report to `reports/` directory with a timestamped filename

Recommendation

Store reports in an appropriate project folder and delete or protect them if the topics are sensitive.