WeWeRSS
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill coherently uses curl/jq to manage WeWeRSS subscriptions and fetch articles, with normal caution around using a trusted server URL and confirming subscription changes.
Before installing, choose a trusted WEWERSS_BASE_URL, remember that adding or deleting sources changes the configured WeWeRSS channel, and avoid submitting private or internal URLs unless you intend that service to process them.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could help create or remove RSS source subscriptions on the configured WeWeRSS instance if the user follows or authorizes those commands.
The skill documents API calls that create and delete server-side WeWeRSS resources. This is aligned with subscription management, but users should confirm channel/source IDs before mutation.
curl -s -X POST "$WEWERSS_BASE_URL/api/open/channels" ... curl -s -X DELETE "$WEWERSS_BASE_URL/api/open/channels/$CHANNEL_ID/sources/$SOURCE_ID"
Use the mutating commands deliberately, verify CHANNEL_ID and SOURCE_ID values, and avoid deleting sources unless that is the intended action.
Installation metadata may not warn users that they must configure a WeWeRSS service endpoint before using the skill.
SKILL.md marks a base URL environment variable as required, while the registry metadata declares no required environment variables. This is a minor declaration mismatch rather than hidden behavior.
`WEWERSS_BASE_URL` — WeWeRSS 实例地址(必填)
Configure WEWERSS_BASE_URL only to a trusted WeWeRSS instance and consider updating metadata to declare this required setting.