Opennews
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Search terms, filters, and authenticated API requests may be sent to the OpenNews/6551 service.
The skill documents shell-mediated HTTP calls to a disclosed external API. This is expected for the stated news-search purpose, but users should recognize that the agent may run curl commands that contact the 6551 service.
curl -s -X POST "https://ai.6551.io/open/news_search" ... -H "Authorization: Bearer $OPENNEWS_TOKEN"
Install only if you trust the 6551 API provider, and review commands before using the skill for sensitive searches.
Anyone or anything with access to OPENNEWS_TOKEN may be able to use the associated OpenNews/6551 API account or quota.
The skill requires an API credential for the integrated service. This is purpose-aligned, and the artifacts show the token being sent only as an Authorization header to the disclosed API base URL.
All endpoints require a Bearer token via `$OPENNEWS_TOKEN`.
Use a dedicated, revocable token with the minimum necessary scope, and do not paste the token into prompts or shared files.
The skill may require jq for some example commands, and the declared read capability is not clearly justified by the documented API-only use case.
package.json declares jq and a local read tool, while the registry/install information only requires curl and the documented workflow is API-focused. This is a minor dependency/capability mismatch users should be aware of.
"tools": ["exec", "read"],
"binaries": ["curl", "jq"]Clarify or remove the unused read capability and ensure jq is consistently declared or installed if jq-based workflows are intended.