ClawHub
Back to skill
v1.0.0

industry-news-collector

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:01 AM.

Analysis

This is a coherent instruction-only news-gathering skill that uses public web search/fetching and shows no code execution, credential use, persistence, or account-changing behavior.

GuidanceInstall if you want the agent to browse public industry-news sources and produce summarized links. Expect multiple web searches/fetches per request, verify important news manually, and note the minor publisher-metadata inconsistency.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
多维度分层搜索(最少 8 次,建议 10-12 次)... 发现周报后,用 web_fetch 获取全文

The skill explicitly directs repeated web searching and fetching of full web pages. This is central to its stated news-collection purpose, but it means the agent will browse external sites and process public web content.

User impactThe agent may make several web requests per invocation and may summarize information from public pages that could be inaccurate or contain irrelevant text.
RecommendationUse it for public news gathering, verify important claims and links, and treat fetched web pages as source material rather than instructions to obey.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
_meta.json
"ownerId": "kn7fr165ff9vkkwsqyqrq2nwas80t4ev"

This packaged owner ID differs from the registry owner ID shown in the review metadata, and the skill has no source or homepage. Because the package is instruction-only with no executable code, this is a provenance note rather than a material security concern.

User impactAttribution is slightly inconsistent, which may make it harder to confirm who published or maintains the skill.
RecommendationPrefer installing skills from publishers you recognize, but the provided artifacts do not show executable or hidden behavior.