ClawHub

HackerNews Extract

v0.1.5

Extract a HackerNews post (article + comments) into single clean Markdown for quick reading or LLM input.

3· 2.7k·6 current·6 all-time
by@guoqiao
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with the code and instructions: the script fetches HN metadata from hn.algolia.com, downloads the linked article HTML, cleans it, and writes combined Markdown. The only required binary is 'uv', which the SKILL.md and shebang explain is used to run the script and manage Python deps.
Instruction Scope
SKILL.md gives explicit runtime steps: run the Python script via 'uv', then upload the generated file in a single message tool call and optionally ask whether to summarize. These instructions are scoped to delivering the extracted file to the user/agent. Note: the script fetches arbitrary article URLs (expected for this tool) and can read an input .json file if provided — both are consistent with the stated purpose but mean the skill performs outbound network requests and can read local JSON files passed as inputs.
Install Mechanism
No install spec is provided beyond requiring 'uv' on PATH. The script declares its Python dependencies in header comments (uv will install them into a venv at run time). This is low-risk compared to arbitrary remote installers or embedded binary downloads.
Credentials
The skill requests no environment variables, no credentials, and no config paths. That is appropriate for an extractor that operates with public HN APIs and by fetching public article URLs.
!
Persistence & Privilege
The registry flag always: true forces the skill to be included in every agent run. There is no justification in the SKILL.md for it to be always active — an extraction tool does not normally require permanent inclusion. always:true increases the attack surface and should be questioned or removed unless a clear reason is provided.
What to consider before installing
This skill appears to do what it says: fetch HN metadata and the linked article, clean it, and produce markdown. It requires 'uv' and will make outbound HTTP requests to hn.algolia.com and whatever article URLs are linked (expected behavior). The main concern is the registry flag always: true — that makes the skill available in every agent run and increases exposure without an obvious reason. Before installing, consider: 1) Do you want this skill force-enabled for all agents? If not, ask the publisher to remove always:true or set it to user-invocable only. 2) Are you comfortable with the skill making outbound requests and writing files (temporary paths like /tmp)? 3) If you plan to pass local file paths, be aware the script will read those files. If anything about the always:true setting or network/file behavior worries you, do not install until the author justifies the permanent inclusion or you review/modify the code yourself.

Like a lobster shell, security has layers — review code before you run it.

commentsvk974ypvszpvh8vmghw24bryshh80pk6yextractvk974ypvszpvh8vmghw24bryshh80pk6yhackernewsvk974ypvszpvh8vmghw24bryshh80pk6yhnvk974ypvszpvh8vmghw24bryshh80pk6ylatestvk974ypvszpvh8vmghw24bryshh80pk6ymarkdownvk974ypvszpvh8vmghw24bryshh80pk6ypythonvk974ypvszpvh8vmghw24bryshh80pk6yreadervk974ypvszpvh8vmghw24bryshh80pk6yrssvk974ypvszpvh8vmghw24bryshh80pk6yscrapervk974ypvszpvh8vmghw24bryshh80pk6ysummarizevk974ypvszpvh8vmghw24bryshh80pk6yuvvk974ypvszpvh8vmghw24bryshh80pk6y

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🦞 Clawdis
OSmacOS · Linux · Windows
Binsuv

Comments