Site Feeds
v1.0.1Use this skill when the user wants to get updates or content from websites and platforms like YouTube, GitHub, Instagram, Reddit, news sites, blogs, etc. Thi...
⭐ 1· 113·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description match the instructions: the skill instructs use of the airsstool CLI and (optionally) a locally deployed RSSHub to fetch feeds from websites. Required capabilities (Docker, Python) are relevant to the stated goal.
Instruction Scope
SKILL.md directs the agent to create folders, write a .env, modify docker-compose for Puppeteer, run 'docker compose up -d', install airsstool, and initialize a local DB. These actions are within scope for providing feeds but are operationally significant (writing files, deploying containers). The file also suggests deleting the installation section after setup, which implies modifying skill/documentation — note this could have unexpected effects depending on agent permissions.
Install Mechanism
There is no formal install spec in the manifest; installation is delegated to manual steps (follow GitHub instructions, pull docker-compose.yml from RSSHub docs). Downloading and running third‑party code from GitHub and pulling Docker images is expected here but carries the usual supply‑chain risk; the instructions do not harden or pin versions.
Credentials
The manifest requests no environment variables or credentials. The instructions do ask the user to create a .env for RSSHub, but no specific secrets are mandated by the skill; users should avoid placing unrelated secrets into that file.
Persistence & Privilege
The skill is not marked 'always' and requests no config paths or permanent agent modifications. It does direct the agent/user to run long‑lived services (a Docker RSSHub container) which is operationally significant but not a manifest privilege escalation.
Assessment
This skill appears to do what it says, but it instructs you (or an agent acting for you) to download and run third‑party software and to deploy a Docker service. Before installing or following the steps: (1) review the RSSHub and airsstool repositories and trust their maintainers; (2) run installations in an isolated environment (VM/container) if possible; (3) inspect the docker‑compose.yml and any scripts before running them; (4) avoid putting unrelated secrets into the .env file; (5) be aware the setup will create files (e.g., ~/.airsstool DB) and run a long‑running container. If you do not want the agent to perform system changes or fetch/execute remote code, do not enable or invoke this skill.Like a lobster shell, security has layers — review code before you run it.
latestvk9735kay03fatjccv7er1whs7h837hey
License
MIT-0
Free to use, modify, and redistribute. No attribution required.