早播新闻
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only skill fetches and shares a public Zao Live news-audio link without requesting credentials, local files, installation, or persistent access.
This appears safe to install for its stated purpose. Be aware that it relies on Zao Live, and opening or sharing the generated link may allow that site to record ordinary access statistics.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
When invoked, the agent may contact Zao Live and return a Zao Live share URL.
The skill's core action is a disclosed unauthenticated external API call to generate the share link; this is purpose-aligned and narrowly scoped.
GET https://zao.live/zaobo/newshare ... 无需参数 ... 无需认证
Use it if you are comfortable with the agent fetching a public link from zao.live; no extra permissions appear necessary.
Users who open the generated link may have normal web access metadata recorded by Zao Live.
The artifact discloses that the external platform may record access statistics for generated links.
访问统计:平台可追踪链接访问数据 ... 平台可能会记录链接的访问数据
Avoid opening or sharing the link if you do not want Zao Live to receive ordinary web access telemetry; otherwise this is expected for a hosted media link.