Claw RSS Feed Radar
v0.1.0Personal "news radar" skill built on top of a clawsqlite knowledge base and its interest clusters.
⭐ 0· 48·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the implementation: the skill boots/uses a PyPI package named 'clawfeedradar', requires only python, and exposes actions (run_once / schedule_from_sources_json) that map directly to the upstream CLI. The requirement set (only python) is proportionate to the stated purpose.
Instruction Scope
The runtime wrapper only reads a JSON payload and runs 'python -m clawfeedradar.cli' with arguments, capturing JSON output. The wrapper itself does not read unrelated files or creds. However, the upstream package (invoked at runtime) will perform network requests (RSS fetching, scraping, embedding/LLM API calls, optional git publish) and will read your clawsqlite DB and any agent/host env vars used by clawfeedradar; users should assume those external behaviors occur even though they are delegated to the upstream CLI.
Install Mechanism
Install is a pip install of 'clawfeedradar>=0.1.0' (attempts system env then a workspace prefix). This is a standard mechanism; no downloads from arbitrary URLs or extract steps are present. Installing a PyPI package into a system Python is the main install action to be aware of.
Credentials
The skill declares no required env vars itself, which matches the wrapper. The SKILL docs explicitly state many env vars (EMBEDDING_*, CLAWSQLITE_ROOT, LLM/GIT publish settings) are required by the upstream package — this is expected for the functionality, but these are not requested by the wrapper. Users must provide those env vars at the agent/host level; sensitive keys (embedding API keys, LLM keys, git credentials) will be used by the upstream package if configured.
Persistence & Privilege
The skill is not always-enabled and does not modify other skills or system agent config. It only installs the upstream package into either the environment or a workspace-local prefix; no persistent privileged presence or automatic always:true behavior is requested.
Assessment
This skill is a thin, auditable wrapper around an upstream PyPI package and appears coherent with its description. Before installing: (1) review the upstream project (https://github.com/ernestyu/clawfeedradar) and the PyPI package contents if you can; (2) avoid installing into a global system Python—use a controlled virtualenv or allow the workspace prefix fallback; (3) be aware the upstream CLI will perform network activity (RSS/HTTP scraping, embedding API calls, optional small-LLM summarization, and optional git publish) and will read your clawsqlite database and whatever env vars you supply (embedding API keys, LLM keys, git creds). If you want to restrict blast radius, configure allowed sources.json and disable publishing (or remove publish-related env vars/credentials) and provide only the minimal embedding/LLM credentials needed. If you need higher assurance, inspect the upstream package source or vendor a pinned, audited release rather than installing an unpinned >= version from PyPI.Like a lobster shell, security has layers — review code before you run it.
latestvk974g3yk8v6pd8hbzgw0tc7akx84ftb2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Binspython