ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AI Tech Intelligence Briefing

v1.1.1

Automatically curates and summarizes daily top AI and tech news worldwide, delivering concise, time-zone aware briefings for quick updates.

2· 235·1 current·1 all-time
byGeorge JW@greatworks
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The README/SKILL.md and openclaw metadata state the skill calls SearXNG and performs HTTP GETs to fetch news, and list 'requests' as a dependency. However, the main runtime (scripts/briefing.py) contains no network calls or imports of requests and instead returns locally generated demo stories. package.json and setup.py reference Python 'requests' but package.json is a Node-style file with a Python dependency string (incoherent). These inconsistencies mean the declared capabilities do not match the actual code.
!
Instruction Scope
Runtime instructions in SKILL.md tell the agent to run scripts/briefing.py generate/fetch/list, which match the shipped script. However, the documentation repeatedly claims external network activity and 'no upload' guarantees despite no network code being present. Additionally, a pre-scan flagged unicode-control-chars was found in SKILL.md (possible prompt-injection attempt embedded in documentation). The publish script references workspace paths and external CLIs (clawhub, jq) that are outside the skill's stated runtime scope.
Install Mechanism
There is no install spec (instruction-only) which reduces install-surface risk, but the repository includes setup.py, package.json, tests, and a publish shell script. setup.py declares Python install_requires (requests). package.json is present but formatted for Node with an odd Python dependency entry — sloppy packaging but not directly malicious. The publish.sh script will run shell commands and expects clawhub/jq; running that script blindly could interact with host workspace, so avoid executing it unless needed.
Credentials
The skill does not request any credentials or sensitive environment variables. SKILL.md describes optional BRIEFING_* env vars for configuration (language, region, output dir), which are proportionate and documented. No API keys or secrets are required by the shipped code.
Persistence & Privilege
The skill does not request elevated privileges and has always:false. It writes briefing files to a configurable output directory (defaults to current directory). The publish.sh contains a hard-coded workspace path (/home/admin/.openclaw/workspace/skills/...) — this is not executed by the skill itself but is a red flag if someone runs the publish script (it assumes a particular workspace layout).
Scan Findings in Context
[unicode-control-chars] unexpected: The pre-scan flagged unicode control characters in SKILL.md. The visible SKILL.md includes mixed Unicode symbols but no obvious malicious content; however, control characters can be used for prompt-injection or to obfuscate text. The presence of this pattern is unexpected for a documentation file and should be inspected and removed or explained by the author.
What to consider before installing
What to consider before installing or running this skill: - The documentation and metadata claim live network fetching from SearXNG, but the shipped runtime script (scripts/briefing.py) only produces local demo stories and makes no HTTP requests. Ask the author which behavior is intended before trusting the skill to fetch live news. - The repository packaging is inconsistent (Node-style package.json listing a Python 'requests' dependency, plus setup.py). This looks like sloppy packaging rather than active maliciousness, but it increases the chance of unexpected behavior if you try to install it automatically. - Do NOT run scripts/publish.sh unless you understand and trust it: it assumes clawhub, jq, and a specific workspace path (/home/admin/.openclaw/...), and running it could interact with your local CLIs/workspace. - The SKILL.md contained a pre-scan flag (unicode control characters). Inspect the raw file for hidden control characters or invisible text that could alter prompts or displayed text; remove them if present. - Practical steps: 1) Review scripts/briefing.py yourself (it appears benign and offline). 2) Run the code in an isolated environment (container or VM) first. 3) If you expect live news fetches, request the author provide the network-calling code or confirm how to enable it and what domains/APIs will be contacted. 4) Run the test/verify scripts locally in a sandbox to confirm behavior before granting any higher privileges or running publish scripts. If the author confirms the current code is intentionally offline (demo-only) and updates the docs/metadata to match, this skill would be consistent and lower risk. If they claim it fetches remote data, request the exact implementation and domain list and re-check for any hidden characters or hardcoded paths.

Like a lobster shell, security has layers — review code before you run it.

aivk97bwamdr0pzt104v88my9d15s82sye9dailyvk97bwamdr0pzt104v88my9d15s82sye9intelligencevk97bwamdr0pzt104v88my9d15s82sye9latestvk97ds2zwc5wsx5pwtaqs0wybch82tse7newsvk97bwamdr0pzt104v88my9d15s82sye9openclawvk97bwamdr0pzt104v88my9d15s82sye9techvk97bwamdr0pzt104v88my9d15s82sye9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments