ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

gamer-news-skill

v1.0.0

Fetch and summarize the latest video game news from major gaming outlets (IGN, Kotaku, GameSpot, Polygon, Eurogamer, Rock Paper Shotgun, VG247, Gematsu, Play...

0· 633·0 current·0 all-time
byYeonwoo Jo@byeolbit
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description claim to fetch and summarize gaming news and the SKILL.md only requires reading public RSS feeds and (on demand) visiting article URLs — which is exactly what you'd expect for this skill. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Runtime instructions are limited to fetching specified RSS feed URLs, parsing feed fields, deduplicating, and optionally fetching article pages for deeper summaries. The instructions do not ask the agent to read local files, environment variables, or send data to unexpected endpoints.
Install Mechanism
This is an instruction-only skill with no install spec or code files, so nothing is written to disk or downloaded by the installer. That minimizes on-disk risk.
Credentials
The skill declares no required environment variables, credentials, or config paths. Its network access to public RSS feeds and article URLs is proportionate to its purpose.
Persistence & Privilege
always is false and the skill is user-invocable (default). It can be invoked autonomously by the agent (platform default) but does not request permanent presence, elevated privileges, or modify other skills or system settings.
Assessment
This skill appears low-risk and coherent: it only fetches public RSS feeds and article pages and asks for no credentials. Before installing, consider that it will make outbound network requests (which reveal the agent's IP to feed hosts and visited sites), may fetch linked content that could include trackers, and will summarize copyrighted articles (ensure that use fits your policy). If you want extra assurance, review the GitHub repo linked in the SKILL.md for any hidden code or recent changes before enabling autonomous invocation.

Like a lobster shell, security has layers — review code before you run it.

latestvk9784xcqm860wjbypstn4nw39981c00d

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments