openclaw-read-flow

Pass

Audited by ClawScan on May 1, 2026.

Overview

This is a coherent FreshRSS reading-workflow skill, but users should notice that it needs FreshRSS access, may process an unbounded unread feed, and references helper scripts outside the package.

Use this skill only with a specific FreshRSS configuration and API password you are comfortable granting to the agent. Review any referenced digest-builder scripts before running them, set limits for large or private feeds, and keep FreshRSS writeback and long-term knowledge-base updates approval-gated.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may read private or personalized FreshRSS unread items using the provided account credentials.

Why it was flagged

The skill expects a FreshRSS API credential to access the user's feed account. This is purpose-aligned, but it is still account access and should be explicitly scoped by the user.

Skill content

Key configuration: `base_url`, `username`, `api_password`

Recommendation

Use a FreshRSS-specific API password or least-privileged credential, provide the config path explicitly, and do not expose unrelated secrets.

What this means

A large or sensitive unread feed could be processed more broadly than expected, increasing cost, latency, or exposure in generated summaries.

Why it was flagged

The workflow intentionally fetches the full unread pool and states that the raw unread total is not limited by default. This is disclosed and aligned with the digest workflow, but users should understand the breadth.

Skill content

First fetch the full unread pool, then process it by yesterday's window ... by default the raw unread total is not limited

Recommendation

Set item/source/date limits for large or sensitive feeds and confirm what content will be included before running the full workflow.

What this means

If those local scripts are used, their behavior and provenance determine how credentials and feed data are handled.

Why it was flagged

The instruction-only package references helper scripts outside the supplied files. The references are purpose-aligned, but those helpers are not covered by the provided artifacts.

Skill content

Recommended script entry points: `../digest-builder/scripts/fetch_freshrss_unread.py`, `../digest-builder/scripts/slice_freshrss_by_date.py`, `../digest-builder/scripts/build_digest.py`

Recommendation

Review or obtain the referenced digest-builder scripts from a trusted source before letting an agent run them.

What this means

Reviewed feed content may later become reusable persistent knowledge if the user approves that step.

Why it was flagged

The workflow contemplates persistent notes or knowledge-base storage, but it explicitly gates long-term writes on confirmation.

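Skill content

Optionally connect a knowledge base, notes, or manual curation afterwards as needed ... by default, unconfirmed content is not written directly into the long-term knowledge base

Recommendation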

Keep long-term knowledge-base writes manual or approval-gated, and separate drafts from confirmed knowledge.