News Aggregator Skill

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill

Name: news-aggregator-skill

Version: 0.1.0

The skill is classified as suspicious primarily due to prompt injection instructions found in `SKILL.md`. Specifically, the 'Smart Keyword Expansion' section explicitly instructs the AI agent to automatically expand and modify the user's input keywords (e.g., 'AI' -> 'AI,LLM,GPT,...') before executing the `fetch_news.py` script. While the stated intent is to broaden search results, this constitutes an instruction for the agent to override or augment user input, which is a form of prompt manipulation.

Additionally, `scripts/fetch_news.py` performs extensive web scraping, including fetching content from arbitrary article URLs if the `--deep` flag is used. This is a high-risk capability, though it appears to be aligned with the skill's stated purpose and lacks direct malicious indicators such as exfiltration or arbitrary code execution.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A malicious or manipulative article page could try to influence the agent's summary or behavior if its text is over-trusted.

Why it was flagged

The skill intentionally brings article text from external websites into the agent's context for analysis. That is central to the news-analysis purpose, but the fetched text is untrusted web content and should be treated as data, not as instructions.

Skill content

`--deep`: **[NEW]** Enable deep fetching. Downloads and extracts the main text content of the articles.

Recommendation

Treat fetched article content as untrusted source material and ignore any instructions embedded inside articles or pages.

What this means

Using the global deep scan can generate many web requests and retrieve content from third-party websites.

Why it was flagged

The skill asks the agent to run a local Python helper that performs a broad multi-source fetch. This is disclosed and aligned with a news aggregator, but users should understand that the command contacts multiple external sites.

Skill content

python3 scripts/fetch_news.py --source all --limit 15 --deep

Recommendation

Use narrower sources or lower limits when you want less network activity, and review generated reports before relying on them.

What this means

Future installs may resolve different package versions than the author tested.

Why it was flagged

The Python dependencies are common and purpose-aligned, but they are not version-pinned. The registry also provides no formal install spec even though the README describes pip-based setup.

Skill content

requests
beautifulsoup4

Recommendation

Prefer pinned dependency versions or install in an isolated environment if reproducibility matters.

What this means

Invisible formatting characters could make instruction text harder to inspect accurately.

Why it was flagged

The scan signal indicates invisible or rendering-affecting Unicode characters in the skill instructions. The provided visible content does not show a deceptive instruction, but such characters can make reviews harder.

Skill content

Pre-scan injection patterns were detected in the SKILL.md content: unicode-control-chars

Recommendation

Normalize or inspect SKILL.md for invisible Unicode control characters before publishing or installing in a sensitive environment.