geeknews-bot
PassAudited by ClawScan on May 10, 2026.
Overview
This is a coherent news-to-Telegram automation skill, with the main things to notice being user-supplied API credentials and optional daily cron execution.
This skill looks safe for its stated purpose if you are comfortable providing a Telegram bot token/chat ID and, for the automated helper, an Anthropic API key. Keep those credentials secret, use a dedicated bot with limited access, and enable cron only if you want unattended daily posting.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If cron is enabled, the bot may send an AI-generated daily brief to the configured Telegram chat without manual review each morning.
The helper script chains an external AI/web-search API call into a Telegram send action. This is purpose-aligned, but users should understand that scheduled runs can post generated content automatically.
RESPONSE=$(curl -s https://api.anthropic.com/v1/messages ... "web_search_20250305" ...); ... python3 "${SCRIPT_DIR}/send_telegram.py" --message-file "$OUTPUT_FILE"Use the automation only for chats where automated posting is acceptable, and consider reviewing the generated message manually before enabling cron for public or high-visibility channels.
Anyone who can access these environment variables could potentially use the Telegram bot or Anthropic account within their granted permissions.
The script depends on Telegram credentials and may use an Anthropic API key. These credentials are expected for the described service, but they grant posting/API-use authority and are not declared in the registry metadata.
if [[ -z "${TELEGRAM_BOT_TOKEN:-}" ]] || [[ -z "${TELEGRAM_CHAT_ID:-}" ]]; then ... if [[ -n "${ANTHROPIC_API_KEY:-}" ]]; then ... -H "x-api-key: ${ANTHROPIC_API_KEY}"Store tokens securely, use a dedicated Telegram bot with limited chat access, monitor API usage, and revoke/rotate keys if they may have been exposed.
After cron setup, the skill can continue running and sending Telegram messages daily until the schedule is removed.
The skill explicitly supports recurring scheduled execution. This is disclosed and central to the daily-brief purpose, but it is persistent automation once the user installs the cron entry.
cron이나 스케줄러와 결합해 매일 오전 8시 자동 실행에도 사용한다.
Only add the cron job intentionally, run it under a non-privileged account, and document how to disable it if the daily brief is no longer wanted.