Back to plugin

Security audit

holo RSS Reader

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real RSS reader that mostly does what it claims, but its metadata under-declares some runtime dependencies and optional configuration variables.

This skill looks internally consistent with an RSS reader. Before installing, understand that it will make network requests to GitHub/Gist, wechat2rss, and any feed/article URLs in your subscriptions, and it will cache content locally under `~/data/rss` by default. If you use a proxy for privacy, review the direct retry behavior. If you want to reduce SSRF-style risk from untrusted OPML/feed sources, configure the skill's restricted or allowlist security mode.

VirusTotal

62/62 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.