Skill v3.15.0
ClawScan security
Dinstein Tech News Digest · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 16, 2026, 7:02 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally consistent with a tech-news digest pipeline: it needs python3, optionally uses web/API keys for its data sources, reads/writes the repo/workspace and /tmp, and instructs the agent to run the included scripts. Nothing requested appears unrelated to the stated purpose, but there are a few documentation/metadata mismatches and the normal network/privacy considerations to review before installing.
- Guidance: This skill appears to do what it claims: run the included Python pipeline to fetch and merge news from many public sources and then format/send digests. Before installing, review and consider the following:
  1. Confirm whether the code base you install expects GETX_API_KEY (the CHANGELOG added it). If so, update the SKILL.md metadata, or avoid providing that key until you have verified.
  2. The pipeline makes outbound requests to third-party services (twitterapi.io, GetXAPI, Brave/Tavily, GitHub, Reddit, arbitrary RSS feeds). Only provide API keys for providers you trust, and prefer least-privilege tokens (for example a scoped GitHub token).
  3. Email delivery requires configuring a mail tool or Gmail CLI: ensure email-sending credentials are configured securely (do not store secrets in repo files).
  4. The skill reads <workspace>/archive/tech-news-digest/ to deduplicate prior digests. Review the archive contents for any sensitive data you don't want processed.
  5. If you plan to run this autonomously, audit the scripts (fetch-*.py, send-email.py, run-pipeline.py) locally first and run the tests (python -m unittest) to verify behavior.
  6. If you need stricter control, run the pipeline manually on a sandboxed host or container and avoid giving the agent network/credential access until you're comfortable with its behavior.
Review Dimensions
- Purpose & Capability
- ok: Name/description (news digest from RSS, Twitter/X, GitHub, Reddit, web) matches the included scripts and templates. The required binary (python3) and optional tools (mail, gog, weasyprint, openssl) are appropriate for fetching data, generating PDF, and sending mail/Discord. There are no requested env vars or binaries unrelated to the stated purpose (no AWS/GCP secrets, etc.).
- Instruction Scope
- note: SKILL.md instructs the agent to run the repo's pipeline scripts, read default/override configs and the workspace archive, produce /tmp outputs and saved archives, and deliver via Discord or email. This is within scope, but the pipeline performs network I/O to many third-party APIs (X/twitterapi.io/getxapi, Brave/Tavily, GitHub, Reddit, arbitrary RSS/HTTP). Reviewers should expect the agent to make many outbound requests and to include any workspace archive files in deduplication checks (SKILL.md explicitly reads <workspace>/archive/tech-news-digest/). The instructions also emphasize not interpolating untrusted content into shell args (good).
- Install Mechanism
- ok: There is no install script provided by the skill (instruction-only install spec), and all code lives in the repo. No downloads from untrusted URLs or archive extraction are declared. Risk from installation is low; running the skill requires executing the included Python scripts locally (so review the code before running).
- Credentials
- note: No required env vars; a number of optional credentials are declared for legitimate reasons (X_BEARER_TOKEN, TWITTERAPI_IO_KEY, BRAVE_API_KEY(S), TAVILY_API_KEY, GITHUB_TOKEN, GH_APP_* vars). These are proportional to the multiple external data sources. One minor inconsistency: the CHANGELOG mentions a newly added GETX_API_KEY env var (GetXAPI backend), but that env var is not present in the SKILL.md frontmatter shown. This mismatch should be clarified (the code may accept GETX_API_KEY even if the SKILL.md metadata wasn't updated).
- Persistence & Privilege
- ok: The skill declares always: false and user-invocable: true, so it is not force-included in all agents. It reads/writes its own workspace archive and /tmp files only. It does not request system-wide configuration changes or other skills' credentials. Autonomous invocation is allowed by default on the platform but is not a special privilege requested by this skill.
