Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
spotify-news-digest
v1.0.0: Scrape and summarize Spotify-related news from multiple sources (Spotify official blogs, engineering/research/newsroom, TechCrunch, The Verge, Music Business...
by Bill Xia (@ibillxia)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
Name/description match the code and SKILL.md: the scripts scrape RSS, DDG, and Hacker News for Spotify-related items, deduplicate and rank them, and render a Chinese digest. No unrelated credentials, binaries, or platform access are requested.
Instruction Scope
SKILL.md stays within the stated purpose (how to run scripts, how an LLM should generate Chinese summaries, and how to schedule digests). It does instruct OpenClaw to create a scheduled job that posts to a channel, which is expected for a delivery use-case, but the skill also allows custom sources in config.json and uses search results—both expand what the skill will fetch at runtime and could cause it to access sites beyond the listed news sources.
Install Mechanism
No install spec; dependencies are standard Python packages listed in requirements.txt. Nothing is downloaded from arbitrary URLs or installed from opaque remote archives. This is low-risk from an installer perspective.
Credentials
The skill declares no required environment variables, credentials, or system config paths. The code likewise does not read secrets or request unrelated tokens. The ability to add custom sources in config.json is legitimate but increases the scope of network targets the skill will contact.
Persistence & Privilege
The always flag is false, and the skill does not request forced/always-on presence. It asks OpenClaw to schedule runs (normal for digest skills). The skill only reads/writes its own files (config/sources.json, outputs) and doesn't modify other skills or global agent settings.
Scan Findings in Context
[ssl-unverified-context] unexpected: scripts/fetch_spotify_news.py sets ssl._create_default_https_context = ssl._create_unverified_context which disables global SSL certificate verification. This is not needed for benign RSS/news scraping and reduces TLS security for the entire Python process (risk of MITM).
[network-fetches-ddg-requests] expected: The code intentionally uses DDG (ddgs / duckduckgo_search) and requests to fetch search results and news sources; this is expected for a news aggregator.
[fetch-arbitrary-or-configurable-urls] expected: config/sources.json and the DDG/HN results drive which URLs are fetched. That is required for the skill, but it means the runtime will request any host returned by search or added by the user, increasing the attack surface (e.g., unexpected or malicious hosts).
[adds-scripts-to-path] expected: The SKILL.md and scripts insert the scripts directory onto sys.path to allow imports — common for local Python modules and expected here.
What to consider before installing
This skill appears to be what it claims (a Spotify news scraper and digest generator) but has some security caveats you should consider before installing or scheduling it:
- The fetcher disables global SSL verification (ssl._create_default_https_context = ssl._create_unverified_context). That weakens TLS checks for the entire process and can expose you to man-in-the-middle attacks. Remove or change that line so HTTPS verification remains enabled.
- The skill will fetch whatever URLs appear in search results and any custom sources you add to config/sources.json. Do not add internal or sensitive URLs (intranet, metadata endpoints) because the skill could inadvertently access them — run it in a network environment that does not expose sensitive internal services.
- Run the skill in an isolated environment (container or limited VM) if you plan to schedule it, especially if the agent has network access to internal services or secrets. Consider pinning and auditing the pip dependencies from requirements.txt before installing.
- Review and, if needed, restrict the list of sources in config/sources.json so the skill only queries well-known news domains you trust.
- If you rely on the automatic posting feature, check what permissions OpenClaw will grant the scheduled job to post to channels/targets and ensure it won't post to public destinations you didn't intend.
If you want, I can produce a minimal patch that removes the SSL bypass and adds explicit request timeouts and domain allowlists to reduce risk.
Like a lobster shell, security has layers — review code before you run it.
latest: vk979hb3bjggj8wqfrbq3m8k8fh832gk4
