v1.0.1

PULSE Magazine

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:25 AM.

Analysis

The skill mostly reads PULSE Magazine content, but it also lets an agent post comments to a remote site without clear confirmation guidance.

GuidanceThis is likely safe for reading PULSE articles, but review or restrict the comment tool before installing. Do not let an agent post comments unless you explicitly asked it to, verified the author name and content, and are comfortable sending that text to the PULSE website.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityMediumConfidenceHighStatusConcern

pulse_tool.py

payload = {"author": author, "content": content}
response = requests.post(f"{BASE_URL}/api/v1/articles/{slug}/comments", json=payload)

The tool can publish agent-supplied text and author information to a remote article comment endpoint.

User impactAn agent could post a public or semi-public comment under a chosen author name if it invokes this tool, even though the main description sounds read-focused.

RecommendationOnly allow comment posting after explicit user approval, and the publisher should clearly label the skill as having external posting capability with confirmation or identity safeguards.