Skill v0.1.0

ClawScan security

Claw RSS Feed Radar · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 8, 2026, 9:08 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini

Summary: This skill is internally consistent: it is a thin wrapper that installs and invokes an upstream 'clawfeedradar' Python package to fetch and score RSS/HN/arXiv items against a clawsqlite knowledge base; nothing in the provided files appears to request unrelated credentials or perform unexpected file/credential access.

Guidance: This skill is a thin, auditable wrapper around an upstream PyPI package and appears coherent with its description. Before installing: (1) review the upstream project (https://github.com/ernestyu/clawfeedradar) and the PyPI package contents if you can; (2) avoid installing into a global system Python; use a controlled virtualenv or allow the workspace prefix fallback; (3) be aware that the upstream CLI will perform network activity (RSS/HTTP scraping, embedding API calls, optional small-LLM summarization, and optional git publish) and will read your clawsqlite database and whatever env vars you supply (embedding API keys, LLM keys, git creds). If you want to restrict the blast radius, restrict the allowed sources in sources.json, disable publishing (or remove publish-related env vars/credentials), and provide only the minimal embedding/LLM credentials needed. If you need higher assurance, inspect the upstream package source or vendor a pinned, audited release rather than installing an unpinned >= version from PyPI.

Review Dimensions

Purpose & Capability (ok)
Name/description match the implementation: the skill boots/uses a PyPI package named 'clawfeedradar', requires only python, and exposes actions (run_once / schedule_from_sources_json) that map directly to the upstream CLI. The requirement set (only python) is proportionate to the stated purpose.

Instruction Scope (note)
The runtime wrapper only reads a JSON payload and runs 'python -m clawfeedradar.cli' with arguments, capturing JSON output. The wrapper itself does not read unrelated files or creds. However, the upstream package (invoked at runtime) will perform network requests (RSS fetching, scraping, embedding/LLM API calls, optional git publish) and will read your clawsqlite DB and any agent/host env vars used by clawfeedradar; users should assume those external behaviors occur even though they are delegated to the upstream CLI.

Install Mechanism (ok)
Install is a pip install of 'clawfeedradar>=0.1.0' (attempts the system env, then a workspace prefix). This is a standard mechanism; no downloads from arbitrary URLs or extract steps are present. Installing a PyPI package into a system Python is the main install action to be aware of.

Credentials (note)
The skill declares no required env vars itself, which matches the wrapper. The SKILL docs explicitly state that many env vars (EMBEDDING_*, CLAWSQLITE_ROOT, LLM/GIT publish settings) are required by the upstream package; this is expected for the functionality, but these are not requested by the wrapper. Users must provide those env vars at the agent/host level; sensitive keys (embedding API keys, LLM keys, git credentials) will be used by the upstream package if configured.

Persistence & Privilege (ok)
The skill is not always-enabled and does not modify other skills or system agent config. It only installs the upstream package into either the environment or a workspace-local prefix; no persistent privileged presence or automatic always:true behavior is requested.