Plotlake
Analysis
Plotlake is a coherent feed-aggregation skill that uses disclosed curl calls to Plotlake's API, with only normal caution needed around sending feed URLs and managing remote channel subscriptions.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.
curl -s -X POST "$BASE/api/open/channels" ... curl -s -X POST "$BASE/api/open/channels/$CHANNEL_ID/subscribe-bundle?bundle_id=ai_starter" ... curl -s -X DELETE "$BASE/api/open/channels/$CHANNEL_ID/sources/$SOURCE_ID"
The skill documents direct API calls that create channels, subscribe bundles, and delete sources on the Plotlake service.
Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.
**API 地址:`https://api.plotlake.com`** ... 提交任意 URL(RSS 地址、网站首页),系统自动发现 feed
The skill sends configured source URLs and channel requests to an external Plotlake API, which is disclosed and central to the feed-subscription purpose.