BBC News

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward BBC RSS news reader; the only notable issue is a manually installed, unpinned Python dependency.

This skill appears safe for its stated purpose: it fetches public BBC RSS headlines and displays them. Before installing, be comfortable with adding the Python feedparser dependency, ideally in an isolated environment. No credentials are needed.

VirusTotal

64/64 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Installing the dependency pulls third-party Python package code into the local environment before the skill can run.

Why it was flagged

The skill depends on a manually installed, unpinned Python package. This is disclosed and central to parsing RSS feeds, but it is still a supply-chain/provenance point users should notice.

Skill content

# Install dependencies
pip3 install feedparser

Recommendation

Install the dependency from a trusted source, preferably in a virtual environment, and consider pinning or reviewing the feedparser version if supply-chain control matters.