ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Use ClawRSS

v2026.3.29

Use the ClawRSS OpenClaw plugin to manage RSS feeds, persist web results, pull saved items, work with digest articles, and send Apple push notifications afte...

0· 62·0 current·0 all-time
by@ipocket-app
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
Name, description, and SKILL.md consistently describe managing RSS feeds, saving/searching articles, digest workflows, and push notifications. The single required config path (plugins.entries.clawrss.enabled) matches that purpose and there are no unrelated env vars or binaries requested.
Instruction Scope
Runtime instructions are narrow and focused: they direct the agent to call specific OpenClaw tools (openclaw_rss_*, openclaw_push_*, web_search) and to verify outcomes. The skill does not instruct the agent to read unrelated files, request extra credentials, or exfiltrate data to unknown endpoints. It does rely on a workspace ID and on the platform's web_search/push tools, which will transmit data to their normal endpoints.
Install Mechanism
Instruction-only skill (no install spec and no code files). This is low-risk from an install/execution perspective because nothing is downloaded or written by the skill itself.
Credentials
The skill requires no environment variables or external credentials in the manifest. The required config path (plugins.entries.clawrss.enabled) is proportionate to its function. The SKILL.md does not attempt to read other env vars or secrets.
!
Persistence & Privilege
The skill is marked always: true in its metadata and agents/openai.yaml allows implicit invocation. always: true forces the skill to be included in every agent run, increasing the attack surface and potential for unexpected autonomous use. The SKILL.md does not justify this permanent presence; most workspace-scoped utility skills do not need to be forcibly always-enabled.
What to consider before installing
This skill appears to do what it says (manage RSS, digests, and push notifications) and it requests no credentials. The main concern is that it is configured always: true (forced into every agent run). Always-enabled skills increase the chance the agent will call RSS/push actions implicitly or at unexpected times. Before installing, consider: 1) Ask the publisher why always: true is necessary — it should not be required for a workspace-scoped RSS tool. 2) If you install, prefer disabling the always flag (or only enable the skill when you need it) so it cannot be implicitly invoked in unrelated tasks. 3) Ensure your ClawRSS push target is correctly configured in the plugin and confirm push status before sending notifications (the SKILL.md warns not to claim delivery if not configured). 4) Because the skill uses web_search and push tools, be aware that content you ask it to save/notify will be transmitted to those services; avoid sending highly sensitive secrets through searches or digests. 5) If you need a higher-assurance decision, request the maintainer to remove always: true and to provide a brief rationale for implicit invocation policy.

Like a lobster shell, security has layers — review code before you run it.

latestvk970xgkx3n7ryv3wp395n37pv983sq2m

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Configplugins.entries.clawrss.enabled

Comments