follow-aibuilders
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its AI-news digest purpose, but it can use sensitive Twitter authentication and local browser cookies that are not clearly declared in the registry metadata.
Install only if you are comfortable running local scripts that fetch public X, YouTube, and blog content. Start with guest/no-cookie mode. If you enable RETTIWT_API_KEY or YT_DLP_COOKIES, use a separate low-risk account or browser profile, inspect the .env file, and install yt-dlp/npm dependencies from trusted sources.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If enabled, the skill may use your logged-in browser session to access YouTube, exposing session material to yt-dlp and making requests as your account.
The code can pass a local browser profile or cookies file to yt-dlp. Browser/session cookies are high-impact credential material, and the registry metadata declares no env vars or credentials.
const cookieSource = process.env.YT_DLP_COOKIES; ... return ['--cookies-from-browser', cookieSource.toLowerCase()]; ... return ['--cookies', cookieSource];
Prefer running without browser cookies. If cookies are necessary, use a dedicated low-risk browser profile or cookies file and review the .env setting before each use.
A saved API key could let the skill make authenticated X/Twitter requests, and the key remains on disk until removed.
The CLI can store a Twitter/Rettiwt API key in a local .env file for user-authenticated X access. This is optional and purpose-aligned, but it is a credential.
const rettiwtApiKey = args[0] || ''; ... RETTIWT_API_KEY=${rettiwtApiKey} ... await writeFile(ENV_PATH, envContent);
Use guest auth when possible. If you add a key, use a separate account/key, avoid sharing the .env file, and delete it when no longer needed.
The skill depends on a local executable and will run it with arguments derived from configured YouTube sources.
The skill runs the local yt-dlp binary. This is expected for fetching YouTube metadata/subtitles and uses execFile rather than a shell.
import { execFile as execFileCb } from 'child_process'; ... await execFile('yt-dlp', args, { timeout: 60000, maxBuffer: 5 * 1024 * 1024 });
Install yt-dlp only from a trusted source and keep the configured YouTube sources limited to sites you intend to fetch.
If dependencies are installed or updated, third-party package provenance affects what code runs locally.
The scripts rely on external npm packages, while the registry entry says there is no install spec. This is not malicious by itself, but users should be aware of the dependency chain.
"dotenv": "^16.4.0", "proper-lockfile": "^4.1.0", "rettiwt-api": "^3.1.1"
Install dependencies from a trusted registry, prefer the included lockfile, and avoid automatic dependency upgrades.
A malicious or joking source post could try to influence the digest wording or the agent's behavior.
The agent reads fetched public content and prompt instructions from the same generated JSON workflow. Public tweets, transcripts, and blog text can contain adversarial instructions even though they should be summarized as data.
The JSON structure contains: podcasts, x, blogs, prompts (the reorganization instructions to follow)
Treat feed contents as untrusted source material. Do not obey instructions found inside tweets, transcripts, or blog posts.
The skill keeps a short local history of what feed items it has processed.
The skill persists seen tweet/video/article IDs locally to deduplicate future digests. This is purpose-aligned and bounded, but it is persistent state.
const STATE_PATH = join(PROJECT_DIR, 'state-feed.json'); ... // Prune entries older than 7 days ... await writeFile(STATE_PATH, JSON.stringify(state, null, 2));
Review or delete state-feed.json if you want to reset the digest history.
