Dailynewsreport
Warn
Audited by ClawScan on May 18, 2026.
Overview
The skill mostly matches its news-reporting purpose, but it uses an unsafe shell command for Telegram delivery and requests broader local permissions than the purpose clearly needs.
Review carefully before installing. The news aggregation and Telegram push functionality is coherent, but you should not grant broad local permissions unless they are reduced or justified, and Telegram delivery should be changed to use a safe HTTP client instead of child_process.exec. If you proceed, use test mode first, verify the Telegram chat destination, and avoid placing valuable bot tokens in this skill until the shell-command handling is fixed.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If Telegram configuration values are malformed or influenced by untrusted input, they could cause local shell command execution in the skill environment.
The skill builds a shell command from configured values and executes it with child_process.exec. Telegram delivery is purpose-aligned, but routing it through a shell is an unsafe implementation path when the same request could be made with fetch, with axios (already a declared dependency), or with execFile and an argument array, none of which pass the configured values through a shell parser.
const curlCommand = `curl -s -X POST "https://api.telegram.org/bot${this.botToken}/sendMessage" ... -d "chat_id=${this.chatId}" ...`;
...
exec(curlCommand, (error, stdout, stderr) => {
Replace shell-based curl with a direct HTTP client such as fetch or axios, or use execFile with a fixed binary and validated arguments; validate Telegram token and chat ID formats.
A leaked Telegram bot token could let someone else send messages as the bot or abuse the configured Telegram integration.
The Telegram bot token is embedded directly in a shell command, and exec errors are logged. That can expose the bot token through command lines or failure logs.
https://api.telegram.org/bot${this.botToken}/sendMessage
...
console.error(`[Telegram] curl error: ${error.message}`);
...
console.error('[Telegram] Error details:', JSON.stringify(error, null, 2));
Do not put secrets in shell command strings; avoid logging exec error objects or commands that may contain tokens, and redact bot tokens and chat IDs from all logs.
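The two Telegram findings above concern the same send path, so one added example covers both. It is illustration written for this review, not the skill's own code: the shell-string builder the scan flagged sits beside a hardened sender that validates the token and chat ID, builds the request without a shell, and redacts secrets from every error it surfaces. The token and chat_id patterns are assumptions based on the commonly documented Telegram shapes, the sample token is constructed and non-functional, and fetch is injected so the demo runs offline.

```javascript
// Added example, not the skill's code: the shell-string builder the scan flagged
// beside a hardened sender. Token/chat_id shapes below are assumptions based on
// the commonly documented Telegram formats, not something the scan verified.

// Assumed shapes: "<numeric bot id>:<35-char secret>" and a numeric chat id
// (negative for groups/supergroups) or an @username.
const TELEGRAM_TOKEN_RE = /^\d{5,12}:[A-Za-z0-9_-]{35}$/;
const TELEGRAM_CHAT_RE = /^(-?\d{1,20}|@[A-Za-z][A-Za-z0-9_]{4,31})$/;

// Constructed, non-functional token used only for the offline demo below.
const SAMPLE_TOKEN = '123456789:AAHExampleTokenDocsOnly_01234567890';

// VULNERABLE (mirrors the flagged snippet): config values are spliced into a
// shell string. A chat id containing a double quote ends the quoted argument
// and the remainder is parsed by the shell when handed to child_process.exec.
function buildCurlCommand(botToken, chatId, text) {
  return `curl -s -X POST "https://api.telegram.org/bot${botToken}/sendMessage" ` +
    `-d "chat_id=${chatId}" -d "text=${text}"`;
}

// Strip the exact token, anything token-shaped, and chat ids before a string
// reaches a log sink. Used on every error path below.
function redactSecrets(message, botToken) {
  let out = String(message);
  if (botToken) out = out.split(botToken).join('[REDACTED_TOKEN]');
  out = out.replace(/\d{5,12}:[A-Za-z0-9_-]{35}/g, '[REDACTED_TOKEN]');
  out = out.replace(/chat_id=-?\d+/g, 'chat_id=[REDACTED_CHAT]');
  return out;
}

// HARDENED: validate identifiers, build the request without a shell, and let
// URLSearchParams percent-encode the body so metacharacters are data, not syntax.
// Kept synchronous and free of I/O so it can be unit-tested offline.
function buildTelegramRequest({ botToken, chatId, text }) {
  if (!TELEGRAM_TOKEN_RE.test(String(botToken))) throw new Error('invalid Telegram bot token format');
  if (!TELEGRAM_CHAT_RE.test(String(chatId))) throw new Error('invalid Telegram chat_id format');
  if (typeof text !== 'string' || text.length === 0 || text.length > 4096) {
    throw new Error('text must be 1..4096 characters');
  }
  return {
    url: `https://api.telegram.org/bot${botToken}/sendMessage`,
    init: { method: 'POST', body: new URLSearchParams({ chat_id: String(chatId), text }) },
  };
}

// fetchImpl is injectable so the demo runs offline; omit it in production to
// use the global fetch available in Node 18+ (axios would work the same way).
async function sendTelegramMessage(config, fetchImpl = fetch) {
  const { url, init } = buildTelegramRequest(config);
  try {
    const res = await fetchImpl(url, init);
    if (!res.ok) throw new Error(`Telegram API returned HTTP ${res.status}`);
    return await res.json();
  } catch (err) {
    // Never log the raw error object or the URL: both may carry the token.
    throw new Error(redactSecrets(`[Telegram] send failed: ${err.message}`, config.botToken));
  }
}

// Offline demo: a fake fetch that echoes the URL in its failure, the way a
// verbose HTTP client or a curl error might. The rethrown message is redacted.
const fakeFailingFetch = async (url) => { throw new Error(`connect ECONNREFUSED for ${url}`); };
sendTelegramMessage({ botToken: SAMPLE_TOKEN, chatId: '-1001234567890', text: 'daily report' }, fakeFailingFetch)
  .catch(err => console.error(err.message)); // token appears as [REDACTED_TOKEN]
```

The separation between buildTelegramRequest and sendTelegramMessage is deliberate: the part that handles the secret and the untrusted chat ID has no I/O, so it can be exercised with hostile inputs in a test without a network, and the only place the token is ever interpolated is the URL handed to the HTTP client.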
If granted, these permissions increase the possible impact of a bug or command-injection issue by giving the skill broader local access than the news-reporting workflow appears to require.
The declared local permissions are broad. The source mainly reads a local config file and sends network requests; unrestricted file write and env read are not clearly scoped or justified.
"permissions": ["internet", "file-system:read", "file-system:write", "env:read"]
Reduce permissions to the minimum needed, such as internet access and scoped config read access, and remove file-system write and env read unless a clear bounded use is implemented and documented.
Future installs could pull dependency versions that differ from what the publisher tested.
The skill relies on npm packages with caret version ranges, so installs may resolve to newer minor or patch versions than the publisher tested. This is common for Node projects but is a supply-chain consideration. The crypto entry is also redundant: crypto is a Node.js built-in module, and the npm package of that name is a deprecated placeholder, so that dependency should be removed rather than pinned.
"dependencies": { "axios": "^1.6.0", "cheerio": "^1.0.0", "node-cron": "^3.0.3", "crypto": "^1.0.1" }
Use a lockfile or pinned dependency versions and install from a trusted package registry.
If the scheduler is started, the skill can keep running and send reports at the configured times without further prompts.
The scheduler keeps a long-running timer and automatically runs the news task at configured times. This matches the stated scheduled-report purpose and is not hidden.
setTimeout(checkTime, 60000);
...
if (task.enabled && task.time === currentTime) {
...
task.handler().catch(error => {
Only start the scheduler when you want automatic reports, and verify the schedule and Telegram destination before enabling it.
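The scheduler shape described in this finding (a 60 second setTimeout chain that fires when task.time equals the current HH:MM) is worth seeing against a controllable clock, because a chained setTimeout tick waits at least 60 000 ms and therefore drifts later over time. Two consecutive ticks can straddle a whole minute and an exact-minute match then never fires that day. The block below is an added example written for this review, not the skill's code; it mirrors the flagged check, places a last-run based check beside it, and wires both into a scheduler that is inert until start() is called. It assumes task.time is a local-time "HH:MM" string and that each task has a unique name.

```javascript
// Added example, not the skill's code: the scheduler shape the scan describes
// (a 60 s setTimeout chain comparing task.time to the current HH:MM), made
// explicit so the check can be run against a fake clock. Assumes task.time is
// a local-time "HH:MM" string and tasks carry a unique name.

function toHHMM(date) {
  return `${String(date.getHours()).padStart(2, '0')}:${String(date.getMinutes()).padStart(2, '0')}`;
}

// Mirrors the flagged logic: fires only when the current minute string equals
// task.time. Because each chained setTimeout tick waits at least 60 000 ms, ticks
// drift later, and two consecutive ticks can straddle a whole minute (08:59:59.9,
// then 09:01:00.1), so a 09:00 task is silently skipped that day.
function exactMatchDue(task, now) {
  return Boolean(task.enabled) && task.time === toHHMM(now);
}

// Replacement check: fire once per day when the scheduled instant has passed
// and has not been run since. Tolerates drift and a slow previous tick.
function catchUpDue(task, now, lastRun) {
  if (!task.enabled) return false;
  const [h, m] = task.time.split(':').map(Number);
  const scheduled = new Date(now);
  scheduled.setHours(h, m, 0, 0);
  if (now < scheduled) return false;
  return !lastRun || lastRun < scheduled;
}

// clock and setTimer are injectable for testing. Nothing is scheduled until
// start() is called (the opt-in the finding recommends), and a time that has
// already passed when the scheduler starts does not fire until the next day.
function createScheduler(tasks, { clock = () => new Date(), intervalMs = 60000, setTimer = setTimeout } = {}) {
  const lastRun = new Map();
  let timer = null;
  let startedAt = null;
  function tick() {
    const now = clock();
    for (const task of tasks) {
      if (catchUpDue(task, now, lastRun.get(task.name) ?? startedAt)) {
        lastRun.set(task.name, now);
        // Promise.resolve().then() also catches a synchronous throw in the handler,
        // which a bare task.handler().catch(...) would not.
        Promise.resolve().then(() => task.handler()).catch(err => {
          console.error(`[Scheduler] task "${task.name}" failed: ${err.message}`);
        });
      }
    }
    timer = setTimer(tick, intervalMs);
  }
  return {
    start() { startedAt = clock(); tick(); },
    stop() { if (timer) clearTimeout(timer); },
    tick,
    lastRun,
  };
}
```

Recording the start time as the initial last-run value is what keeps the catch-up check from sending a report the moment the scheduler is enabled late in the day; it only ever fires for a scheduled instant that falls after start().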
