Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
News Aggregator Skill
v0.1.0
Comprehensive news aggregator that fetches, filters, and deeply analyzes real-time content from 8 major sources: Hacker News, GitHub Trending, Product Hunt, 36Kr, Tencent News, WallStreetCN, V2EX, and Weibo. Best for 'daily scans', 'tech news briefings', 'finance updates', and 'deep interpretations' of hot topics.
⭐ 19 · 7.8k · 96 current · 102 all-time
by @cclank
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
Name/description align with the included Python scraper: the code fetches Hacker News, GitHub Trending, Product Hunt, 36Kr, Tencent, WallStreetCN, V2EX and Weibo and supports a '--deep' mode to download article text. No credentials or unrelated env vars are requested. The only mild mismatch: SKILL.md strongly pushes automatic expansive keyword expansion (making queries far broader than a user's simple request), which is a design choice that increases scope beyond a minimal aggregator.
Instruction Scope
SKILL.md contains strong 'MUST'/'CRITICAL' directives (auto-expansion of user keywords, 'Smart Fill' of items outside time windows, mandatory deep analysis for each item), instructs the agent to read templates.md and to save reports to reports/ (writes files). A pre-scan flagged 'unicode-control-chars' in SKILL.md (prompt-injection pattern) — this could be an attempt to manipulate agent behavior. The instructions also encourage broad fetching (Global Scan ~120 items) and deep fetching of article content, which may cause the agent to download and process many external pages beyond what the user explicitly asked for.
Install Mechanism
There is no automatic install spec — instruction-only with a Python script and a small requirements.txt (requests, beautifulsoup4). No arbitrary binary downloads or obscure installers detected. README suggests cloning from a GitHub repo (no homepage provided in registry metadata), so provenance is weak but installation mechanism itself is low-risk.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The code uses public HTTP endpoints only. This is proportional for a web-scraping news aggregator.
Persistence & Privilege
always:false (normal). The skill instructs saving generated reports to a reports/ directory (writing files to disk) — expected for a reporting tool but worth noting if you run in an environment containing sensitive data. It does not request to modify other skills or global agent configuration.
Scan Findings in Context
[unicode-control-chars] unexpected: Control/unicode injection characters were detected in SKILL.md. These are not necessary for a news-aggregator and may be intended to manipulate prompt parsing or agent behavior. Recommend inspecting SKILL.md and removing any invisible control characters.
What to consider before installing
This skill appears to implement the advertised aggregator, but exercise caution before installing:
1) Source provenance is weak (no homepage, repo ownership unclear) — prefer code from a known repository.
2) SKILL.md contains prompt-injection-like unicode control characters; inspect and remove them before use.
3) The skill's 'Global Scan' and automatic keyword expansion can fetch and analyze a large number of pages (including arbitrary article URLs discovered during scraping) — run it in a sandbox or container and avoid enabling autonomous invocation on agents that have access to sensitive systems.
4) If you will use '--deep', be aware it downloads page content (up to 3000 chars) which could include tracking code or sensitive snippets; consider disabling deep fetch or restricting to a whitelist of domains.
5) Review scripts/fetch_news.py for any hidden behavior (the provided code looks like standard scraping but audit the truncated parts, e.g., Product Hunt fetcher).
6) If you decide to proceed, restrict the skill's permissions, run it in an isolated environment, and monitor outbound network activity and files created under the reports/ directory.
latest: vk971tfwrkk7qnx2sdwe5m0ne017zzw8h
