hfnews

This package contains runnable code but is inconsistent with its metadata and README. Things to consider before installing or running it: - Dependencies: fetcher.js requires Node and the 'puppeteer' package plus a Chromium binary at /usr/bin/chromium; scripts/news.py requires Python 3. The skill metadata declares no required binaries — verify you are prepared to install these and that you trust the author. - Installation ambiguity: there is no install or run instruction. You will likely need to run 'npm install' (which downloads many packages) and provide a Chromium binary or let puppeteer download one. Running headless Chromium with '--no-sandbox' can be risky in untrusted environments; run in an isolated container or VM. - Malformed feeds: the Python RSS script contains several malformed/odd feed URLs (e.g., '.../list/panorama feed', '.../layer/feed mp3') — this looks like sloppy packaging and could indicate the code wasn't tested. - Network behaviour: both scripts fetch many external news sites (expected) — if you need to limit network exposure, run offline or in a sandbox. - Clarify expected command: SKILL.md shows a 'news' command but does not map it to fetcher.js or scripts/news.py. Ask the author which script to run and for an installation guide, or inspect/modify the code locally before executing. Recommendation: treat this as untrusted code until the author provides proper install/run instructions and fixes the feed URLs. If you must test it, execute in an isolated environment (container or VM), review package-lock and the code, and avoid running with elevated privileges.