Cnbc Geopolitics Fetcher
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone with the skill artifacts may be able to post to the embedded Discord webhook, and a user running the default config may send article posts to an unintended channel.
A Discord webhook URL is a bearer-style credential that grants posting authority to a Discord channel; bundling it exposes that permission and may direct output to a destination the installer does not control.
## Discord Webhook https://discord.com/api/webhooks/1482043765471445333/-cHOLCq...
Remove the bundled webhook, rotate it if it is real, require each user to provide their own webhook through a credential store or environment variable, and declare the credential requirement in metadata.
Running it may violate website controls or policies, trigger blocking, or perform scraping in a way the target site is trying to prevent.
The skill explicitly advertises stealth scraping to bypass site protections, which is a materially riskier tool use than ordinary fetching even though scraping news is the stated purpose.
Uses Scrapling (stealth headless browser) to bypass anti-bot protections
Use official feeds/APIs or normal HTTP fetching where possible, document scraping limits, and avoid stealth/anti-bot bypass behavior unless the user has authorization.
Future dependency versions could behave differently from what was reviewed.
The setup installs unpinned Python dependencies; this is expected for a Python scraping skill, but exact dependency versions are not locked in the artifacts.
pip install scrapling beautifulsoup4 requests
Pin dependency versions and provide an install spec or requirements file so users can reproduce the reviewed environment.