aiinsight-daily-new
Warn. Audited by ClawScan on May 10, 2026.
Overview
The skill matches its RSS-to-webhook purpose, but its script can expose webhook tokens in logs and unsafely embeds user-controlled values into Python code.
Review or fix the script before installing. Use only numeric count values and trusted RSS URLs, avoid printing webhook URLs, rotate any exposed webhook tokens, and install required Python dependencies only from trusted sources.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A maliciously crafted count or RSS URL value could run unintended Python code with the user's local permissions when the script is invoked.
The unquoted heredoc expands shell variables directly into Python source. COUNT comes from the command-line argument and RSS_URL can come from the environment, so crafted quotes or newlines in either value could alter the Python program itself rather than being treated as data.
python3 << EOF ... url = "$RSS_URL" ... count = int("$COUNT")
Use a quoted heredoc or pass values as command-line arguments/environment variables read inside Python, validate COUNT as a numeric value, and validate or restrict the RSS URL.
Someone who can read the agent output or logs may learn enough of a webhook URL/token to post to the user's notification or team channel.
Webhook URLs commonly embed access tokens or robot keys. Printing the first 60 characters can expose those secrets in terminal output, agent transcripts, or logs.
webhooks = os.environ.get('AI_DAILY_WEBHOOKS', '') ... print(f"✅ 推送成功: {wh[:60]}...") ... print(f"❌ 推送失败: {wh[:60]}...\\n Error: {e}")
Do not print webhook URLs; log only the provider/host or a masked value, and rotate any webhook token that may already have been exposed.
Configured webhook destinations will receive the generated daily summary, and any misconfigured or untrusted URL will receive it too.
The skill sends the generated RSS summary to every URL listed in AI_DAILY_WEBHOOKS. This is disclosed and purpose-aligned, but it is still an external webhook data flow.
for wh in webhooks.split(): ... req = urllib.request.Request(wh, data.encode('utf-8'), headers)
Configure only trusted webhook URLs and review the list before using multi-channel push.
The skill may fail until the user installs missing dependencies, which can lead to ad-hoc package installation from an unreviewed source.
The script depends on python3 and the feedparser package, while the provided requirements declare no required binaries or install steps. This is likely an incomplete dependency declaration rather than hidden behavior.
python3 << EOF
import feedparser
Declare python3 and the required Python package explicitly, preferably with pinned versions and trusted installation instructions.
