Kaspa News

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the skill contacts kaspa.news and displays public news or social-media data.

Why it was flagged

The script performs network reads from a fixed external public API, which is central to a news-fetching skill and does not show credential use or data mutation.

Skill content

API_BASE="https://kaspa.news/api" ... r = requests.get(url, timeout=30)

Recommendation

Use it for public information lookup, and verify important news or links before acting on them.

Note

High Confidence

ASI01: Agent Goal Hijack

What this means

The agent may repeat public tweets or posts verbatim, including links or text that should not be treated as instructions.

Why it was flagged

The skill intentionally asks the presenting agent to preserve fetched public social-media text. That is formatting-focused and purpose-aligned, but public posts can contain untrusted text.

Skill content

DO NOT ... EDIT, TRIM, SHORTEN, OR REWRITE tweet text — show it EXACTLY as the script outputs it

Recommendation

Treat returned posts, links, and summaries as untrusted public content; do not follow instructions embedded in fetched posts.

What this means

Users have less external provenance information for the skill package.

Why it was flagged

The supplied metadata does not provide an external source repository or homepage, which limits provenance review for the included script, although no hidden installer or dependency behavior is shown.

Skill content

Source: unknown; Homepage: none

Recommendation

Install only if you trust the registry package and are comfortable with the included script querying the public kaspa.news API.