Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ORF

On-demand ORF news digest in German. Use when the user says 'orf', 'pull orf', or 'orf 10'. Focus on Austrian politics (Inland) and international politics (Ausland) + major headlines; exclude sports. Send each item as its own message (Title + Age + Link). Then generate a Nano Banana image in a cartoon ZiB studio with the anchor presenting the news, plus subtle Easter eggs based on the selected stories.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 1.8k · 2 current installs · 2 all-time installs
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
Functionality (fetch ORF RSS, filter politics, produce an image) matches the description. Generating an image via a third-party image API (Nano Banana / Gemini) is plausible for the described 'Nano Banana' image requirement, but the skill's metadata declares no required credentials even though the image code requires a GEMINI_API_KEY or an apiKey stored in ~/.openclaw/openclaw.json — an undeclared dependency.
Instruction Scope
SKILL.md instructions are specific and limited to: parse the user request, run the included orf.py to fetch and rank RSS items, use zib_prompt.mjs to build an image prompt, and run the provided generate script to produce the image. The fallback to a browser tool to pick headlines is noted; that is within scope for a news fetcher.
[!] Install Mechanism
There is no declared install spec, but the provided shell script (generate_zib_nano_banana.sh) will create a virtualenv at ./tmp/orf-venv and run 'pip install google-genai pillow' at runtime. This performs network installs from PyPI and writes files to disk (venv and generated image). The script also requires node (zib_prompt.mjs is invoked via node) though the metadata lists no required binaries. On-demand installs and creating local venvs are moderate risk and should be disclosed.
[!] Credentials
The code tries to load an API key via the GEMINI_API_KEY environment variable or by reading ~/.openclaw/openclaw.json and extracting skills.entries.nano-banana-pro.apiKey. The skill metadata lists no required env vars or credentials. Reading the user's ~/.openclaw/openclaw.json file is more intrusive than merely requiring a single explicit API key: even though the code attempts to read one nested key, it reads the entire config file which may contain other secrets. This is a mismatch and a privacy risk unless intentional and documented.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills or system-wide settings. It writes a temporary virtualenv and output image under the working directory (./tmp/orf-venv, ./tmp/orf-zib) but does not appear to persistently alter global configs or enable itself automatically.
What to consider before installing
This skill appears to implement the advertised ORF digest and to generate a studio image, but it has runtime behaviors not declared in the metadata. Before installing or running it, consider:

  1. The image generator requires a Gemini/Nano-Banana API key (GEMINI_API_KEY) or it will try to read ~/.openclaw/openclaw.json for nano-banana-pro.apiKey — if you keep other secrets in that file, prefer setting GEMINI_API_KEY explicitly or inspect the script.
  2. The generate script will create a local virtualenv and pip-install packages (google-genai, pillow) and requires node to run the prompt builder; ensure you're comfortable with these on-demand installs and have node/python available.
  3. If you want to limit exposure, run the skill in a sandboxed environment (or inspect and modify scripts to remove the config-file read, or require an explicit env var).

If the publisher can update the skill metadata to declare the GEMINI_API_KEY requirement and document the venv/node usage, that would make the package clearer and safer.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.2
latest vk97cah5e67jqh4fj4q0dj46jsx80cxc8


SKILL.md

ORF Digest (news.orf.at)

Command format

Interpret a user message that starts with orf as a request for an ORF News digest.

Supported forms:

  • orf → default 5 items
  • orf <n> → n items (max 15)
  • orf inland / orf ausland → bias selection
  • orf <n> inland|ausland → both

Source + scope

  • Primary source: news.orf.at (German)
  • Prefer: Inland politics, Ausland / international politics, and major headlines.
  • Exclude: sports (Sport).

Output requirements

  • Do not send any extra commentary/preamble/epilogue.
  • Send results as individual messages.
  • Each item message must be exactly:
    • first line: the headline (German)
    • second line: <age> (e.g. 45m ago, 6h ago, 2d ago)
    • third line: the ORF link
  • After the item messages, send one final message with the generated image.
    • The image must visually incorporate the pulled news on the wraparound studio video wall using 4–6 distinct story panels.
    • Panel layout (must):
      • TOP: big bold text (1–2 words, ALL CAPS). You must invent this.
      • MIDDLE: smaller text (3–6 words) that describes the story. You must invent this.
        • The two lines must not form a connected sentence.
        • Avoid repeating the same words between the two lines.
      • BOTTOM: exactly 1–2 simple icons (no maps, no busy collages)
      • Icon variety: make icons distinct across panels whenever possible.
        • Do not reuse the same icon pair across multiple panels.
        • Avoid overusing generic icons (e.g. globe + pin); only use them when no better match exists.
    • Readability: keep text minimal and large enough to render cleanly.
    • No logos/watermarks.
    • If the chat provider requires non-empty text for media, use a minimal caption ..

Procedure

  1. Parse n and optional focus (inland|ausland) from the user message.
  2. Run python3 skills/orf-digest/scripts/orf.py --count <n> --focus <focus> --format json.
  3. Send each returned item as its own message (3-line format).
  4. Generate the ZiB studio mood image via Nano Banana:
    • Build prompt from items: python3 skills/orf-digest/scripts/orf.py --count <n> --focus <focus> --format json | node skills/orf-digest/scripts/zib_prompt.mjs
    • Generate: skills/orf-digest/scripts/generate_zib_nano_banana.sh ./tmp/orf-zib/zib.png
    • Send image as final message.

If fetching/parsing fails or returns 0 items:

  • Use the browser tool to open https://news.orf.at/, pick N non-sport headlines by judgment, and send them in the same 3-line format.
  • Still generate a ZiB studio image with a few generic political-news Easter eggs.

Files

5 total