Miniflux News

The skill is benign, designed to interact with a Miniflux RSS reader API. It handles credentials appropriately from a dedicated config file (`~/.config/clawdbot/miniflux-news.json`) or environment variables, without attempting to access unrelated sensitive files or exfiltrate data. The `SKILL.md` explicitly includes a strong safety instruction to the agent, stating that it 'must never mark anything as read implicitly' and requires explicit user confirmation for destructive actions, which is reinforced by a `--confirm` flag in the `miniflux.py` script. The Python script uses only the standard library and performs controlled HTTP requests to the Miniflux API, with no evidence of malicious execution patterns or obfuscation.