Back to skill
Skillv1.0.0
ClawScan security
Ai News Collector · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 17, 2026, 2:48 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- An instruction-only news-aggregation skill whose required actions (web searches, fetching public articles, deduplication, ranking) match its description and request no credentials or installs.
- Guidance
- This skill is coherent and does not ask for credentials or install code, but it will perform many web searches and fetch public webpages on demand. Only install if you are comfortable letting the agent browse external sites for news. Note it may encounter paywalled content (the instructions say to mark '需订阅' rather than bypass), and it can surface copyrighted material as article summaries — consider your organization’s policies on web access and content reuse. If you need stricter controls, restrict the agent’s web_fetch capability or review how fetched content is stored and shared before enabling the skill.
Review Dimensions
- Purpose & Capability
- okThe name/description (AI news aggregation and heat-ranking) aligns with the instructions and the provided source list. No unexpected credentials, binaries, or installs are requested.
- Instruction Scope
- noteThe SKILL.md directs many layered web searches (8–12+), fetching article content (mentions using web_fetch), cross-checking sources, and merging duplicates — all consistent with aggregation. This will cause the agent to access many external URLs, which is expected for this purpose but broad in scope; it does not instruct reading local files, accessing secrets, or transmitting results to unknown endpoints.
- Install Mechanism
- okNo install spec or code files are present (instruction-only), so nothing will be written to disk or installed by the skill itself.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths — the level of access requested is minimal and appropriate for a public-web news aggregator.
- Persistence & Privilege
- okalways is false and there is no request to modify other skills or system settings. Autonomous invocation is allowed by platform default but is not combined with elevated privileges.