Skill v2.0.0
ClawScan security
News Briefing · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 6, 2026, 1:25 AM
- Verdict: Benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code, env vars, and runtime behavior are consistent with a Feishu-targeted news-briefing: it searches Perplexity, optionally calls PPIO for analysis, and posts cards to Feishu — nothing in the bundle looks like intentional misdirection, though there are a few implementation quirks and operational risks to be aware of.
- Guidance: This skill appears to do what it claims: search Perplexity, optionally call PPIO for insights, and post formatted cards to Feishu. Before installing or running it, consider:
  1) You must provide FEISHU and PERPLEXITY (and optionally PPIO) API keys — grant least privilege and avoid using high-priv production credentials until you trust it.
  2) The scripts use execSync and shell-constructed curl commands, which can be brittle and risk command injection if untrusted input is fed into the CLI; prefer running with controlled topic strings or sanitizing inputs.
  3) gen-cover uses hard-coded system paths (pnpm global path, /root workspace, system fonts) and may fail or behave unexpectedly; run cover generation in a sandbox or skip it if you don't need images.
  4) Test in a safe environment and verify Feishu messages go only to intended recipients (use dry-run and TARGET_USER_ID) before enabling scheduled runs with real credentials.
Review Dimensions
- Purpose & Capability (ok): The SKILL.md description (real-time news search, Chinese summaries, Feishu cards) matches the code: fetch-news calls Perplexity, optional PPIO for insights, and send-card posts to Feishu. Required secrets in the README (FEISHU_APP_ID/SECRET, PERPLEXITY_API_KEY, optional PPIO_API_KEY) are exactly those the scripts use. Minor inconsistency: registry metadata listed 'Required env vars: none' while SKILL.md and scripts do require keys.
- Instruction Scope (note): Instructions and scripts stay within the advertised scope (search, summarize, generate insight, send card). The code performs network calls to specified third-party APIs and writes/reads local files for outputs. Notable implementation concerns: many network calls are executed via shell (execSync + curl), which can be fragile and create command-injection risks if untrusted inputs are passed into shell commands; gen-cover writes to a root workspace path and constructs a large node -e command that embeds code, which is brittle and may execute unexpectedly in some environments.
- Install Mechanism (note): No install spec (instruction-only), so nothing is automatically downloaded during install — lower risk. However, scripts assume Node and curl are available and gen-cover references a hard-coded pnpm/global module path for @napi-rs/canvas and system font paths; that is brittle and may fail or require manual dependency setup. There is no external archive URL or obscure downloader in the manifest.
- Credentials (ok): Requested environment variables (FEISHU_APP_ID, FEISHU_APP_SECRET, PERPLEXITY_API_KEY, optional PPIO_API_KEY, HTTPS_PROXY, TARGET_USER_ID) are proportional to the stated functionality. The code only uses these variables and standard HTTP proxy vars; it does not request unrelated credentials.
- Persistence & Privilege (ok): The skill does not request always:true and does not modify other skills or global configs. It writes a cover image into its own workspace path and otherwise runs as ephemeral scripts — no unusual persistence or elevated privileges are requested.
