tech-news-digest

Pass

Audited by ClawScan on May 1, 2026.

Overview

This appears to be a legitimate tech-news digest skill, but it can use optional service credentials, schedule recurring delivery, and send digests to channels or email.

Before installing, decide which delivery targets and schedules you actually want, provide only the API keys needed for the sources you enable, prefer least-privilege credentials, and keep the archive and workspace config limited to this digest workflow.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If broad credentials are supplied, the agent may have more account authority than is necessary for reading public tech-news sources.

Why it was flagged

The skill can use optional provider credentials, including a GitHub token and GitHub App private key file, to access source APIs.

Skill content
- name: GITHUB_TOKEN
  required: false
  description: GitHub token for higher API rate limits
...
- name: GH_APP_KEY_FILE
  required: false
  description: Path to GitHub App private key PEM file
Recommendation

Use narrowly scoped, read-only or public-data credentials where possible, and avoid providing a GitHub App private key unless you specifically need that authentication path.

What this means

The agent can post generated content to a Discord channel or send it by email when configured to do so.

Why it was flagged

The skill instructs the agent to use messaging and email-delivery tools to publish the generated digest.

Skill content
1. **Discord**: Send to `<DISCORD_CHANNEL_ID>` via `message` tool ... Send email with PDF attached using the `send-email.py` script
Recommendation

Confirm channel IDs, recipients, and delivery frequency before enabling delivery, especially for public or team channels.

Note
Medium Confidence
ASI10: Rogue Agents
What this means

If a schedule is created, the digest may continue running and posting until the user disables it.

Why it was flagged

The README presents recurring scheduled operation as a normal use case.

Skill content
"Install tech-news-digest and send a daily digest to #tech-news every morning at 9am" ... "Your bot handles installation, configuration, scheduling, and delivery"
Recommendation

Only create recurring schedules after explicit user approval, and keep a clear way to review, pause, or delete the schedule.

What this means

Old archived digests can influence future deduplication and follow-up story selection.

Why it was flagged

The skill stores and reuses prior digest content as persistent context for future runs.

Skill content
Read the most recent file from `<WORKSPACE>/archive/tech-news-digest/` to avoid repeats and follow up on developing stories ... Save to `<WORKSPACE>/archive/tech-news-digest/<MODE>-YYYY-MM-DD.md`.
Recommendation

Keep the archive directory scoped to this skill, and review or clear archived files if they contain mistakes or content you do not want reused.

What this means

Installing dependencies brings in third-party packages, which is normal for this Python-based workflow but should be done intentionally.

Why it was flagged

The README documents user-directed Python package installation for optional or enhanced functionality.

Skill content
pip install -r requirements.txt ... pip install feedparser>=6.0.0 jsonschema>=4.0.0 ... pip install weasyprint
Recommendation

Install dependencies in a controlled Python environment and review the dependency list before adding optional packages such as PDF support.