NewsAPI Search
PassAudited by ClawScan on May 10, 2026.
Overview
The skill appears to be a straightforward NewsAPI search wrapper, but it uses a NewsAPI key that metadata does not declare and one provided source file is truncated.
This looks safe for its stated purpose if you intend to query NewsAPI. Before installing, make sure you are comfortable providing a NewsAPI key, understand that searches and the key are sent to newsapi.org over HTTPS, and inspect the full search.js file if you need stronger assurance.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your NewsAPI key and search requests will be used against your NewsAPI account and may consume your API quota.
The script reads a local NewsAPI credential and sends it to NewsAPI as part of the expected API request. This is purpose-aligned, but users should notice it because the registry metadata says no env vars or primary credential are required.
const API_KEY = process.env.NEWSAPI_KEY; ... apiKey: API_KEY ... const url = `https://newsapi.org/v2/everything?${params.toString()}`;Use a dedicated NewsAPI key with appropriate limits, store it only in the documented ~/.openclaw/.env location, and consider updating the metadata to declare NEWSAPI_KEY as a required credential.
The reviewed artifact does not allow full manual verification of every line in the search script.
The provided artifact does not include the full tail of scripts/search.js, which limits complete source review even though the visible code is coherent and the static scan reports no findings.
"truncated": true
Inspect the full scripts/search.js file before installing if you need high assurance, especially because the registry source and homepage are not provided.