opennews
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: opennews-mcp Version: 1.0.0 The OpenNews skill is benign. It clearly defines its purpose as interacting with the OpenNews 6551 API for crypto news. All `curl` commands target the specified `https://ai.6551.io` endpoint, correctly use the `$OPENNEWS_TOKEN` for authentication, and process data locally with `jq`. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts against the agent in `SKILL.md`.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any process with this token may be able to use the user's OpenNews API access.
The skill needs a service credential to access the OpenNews API. This is purpose-aligned and disclosed, but the token grants account/API access and should be handled carefully.
All endpoints require a Bearer token via `$OPENNEWS_TOKEN`.
Only set OPENNEWS_TOKEN for the intended OpenNews account, avoid sharing logs or command output that may reveal it, and rotate the token if it is exposed.
Search keywords, coin filters, and related request metadata may be visible to the OpenNews/6551 service.
The skill sends search terms and filters to an external provider endpoint. This is the core purpose of the skill and is clearly disclosed, but users should recognize that their queries leave the local environment.
curl -s -X POST "https://ai.6551.io/open/news_search" ... -d '{"q": "bitcoin ETF", "limit": 10, "page": 1}'Use the skill only with queries you are comfortable sending to the OpenNews provider, and verify the provider before using a token.