Skill v1.0.0
ClawScan security
botlearn-rss-manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Mar 1, 2026, 11:29 AM)
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's declared purpose (aggregating, deduplicating, scoring, clustering RSS/Atom feeds and producing digests) matches the provided instructions and files; there are no unexplained credential requests or install actions.
- Guidance: This skill appears coherent and matches its stated purpose, but keep these practical points in mind before installing: (1) It will perform outbound HTTP requests to feeds and to linked article URLs (including following redirects and conditional GETs), so any private or internal feed URLs you add could be fetched; avoid supplying sensitive URLs without appropriate access controls. (2) The skill documents storing per-feed metadata and a user interest profile (click tracking, polling history); understand where that data will be stored and who can access it. (3) There are no required credentials or installers packaged with the skill, but the package metadata points to a GitHub repository; if provenance matters, verify the repository and maintainer before trusting the skill. (4) If you expect the agent to fetch content from sites on a private network or behind authentication, confirm how credentials would be provided and whether you prefer running the skill in a restricted/sandboxed environment. Overall: functionality is consistent with its description, but review network/privacy implications and source provenance before enabling.
Review Dimensions
- Purpose & Capability (ok): The name/description match the SKILL.md and knowledge/strategies files: parsing feeds, multi-signal deduplication, scoring, clustering, and digest assembly are all explicitly described. The manifest and package.json are consistent with an instruction-only RSS aggregator and do not request unrelated system access or credentials. (Minor metadata note: the top-level metadata said 'Homepage: none' but package.json includes a GitHub homepage URL; this is a minor inconsistency in packaging metadata, not a functional mismatch.)
- Instruction Scope (note): Runtime instructions are narrowly scoped to feed ingestion, content extraction, deduplication, scoring, clustering, and digest assembly. They explicitly direct HTTP requests to feed URLs and (as a fallback) to linked article pages, maintain per-feed ETag/Last-Modified, and store feed health and user interest profile data. Fetching arbitrary feed/article URLs and following redirects is expected for this capability but has privacy/network implications (see user guidance). The instructions do not ask to read local files, environment secrets, or to post data to any unexpected external endpoints.
- Install Mechanism (ok): No install spec and no code files to execute are provided (instruction-only skill). This is lowest-risk from an install perspective: nothing is pulled or written to disk by a packaged installer. The package.json/manifest are metadata-only and list no dependencies.
- Credentials (ok): The skill declares no required environment variables, secrets, or config paths. The documented runtime behavior (polling feeds, conditional GETs, and maintaining local per-feed/user state) does not require additional external credentials. The skill does describe tracking user click behavior and building interest profiles; this implies local persistent storage but does not request secrets or cross-service credentials.
- Persistence & Privilege (ok): The skill does not request always:true and is user-invocable. It describes maintaining per-feed metadata (ETag, Last-Modified, health metrics) and user interest profiles, which is normal for a feed manager. It does not instruct modifying other skills or global agent settings.
