AI Daily News

Pass. Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: ai-daily-news
Version: 1.0.0

The skill contains significant security vulnerabilities and risky behaviors, though no clear evidence of intentional malice was found. Specifically, `scripts/browser_fallback.py` is vulnerable to shell injection in the `run_agent_browser_command` function, which uses `subprocess.run(shell=True)` with unsanitized string formatting. Additionally, `scripts/youtube_collector.py` performs an automated `pip install` of `yt-dlp` if missing, which is a risky practice in automated environments. While the tool's purpose of collecting AI news is legitimate, the lack of input sanitization and the use of dangerous execution patterns pose a high risk of exploitation.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the news collector can modify the Python environment and execute newly downloaded package code without a separate user approval moment.

Why it was flagged

If yt-dlp is missing, the script installs it from PyPI during collection rather than failing and asking the user to run a reviewed setup step.

Skill content

except ImportError:
    logger.warning("yt-dlp 未安装,尝试使用pip安装...")
    subprocess.check_call(['pip', 'install', '-q', 'yt-dlp'])

Recommendation

Move yt-dlp into the documented requirements, pin the version, and fail with a clear setup instruction instead of installing packages automatically at runtime.

What this means

A crafted URL or extractor rule could potentially cause unintended local shell or browser execution when the fallback helper is used.

Why it was flagged

The helper builds shell commands from browser actions, URLs, and optional JavaScript extractor text. If used with configurable or untrusted values, this can escape the intended browser-scraping boundary.

Skill content

full_cmd = f"agent-browser {command}"
result = subprocess.run(full_cmd, shell=True, ...)
run_agent_browser_command(f'open "{url}"', timeout=15)
run_agent_browser_command(f'eval "{js_code}"', timeout=10)

Recommendation

Avoid shell=True, pass arguments as a list, validate or escape URLs, and restrict or remove the generic eval-based extraction path.

What this means

Anyone with the webhook may be able to post to the associated Feishu chat, and the skill will send generated news reports there.

Why it was flagged

The skill uses a Feishu webhook/chat configuration to post reports, which is expected for its purpose but is still an account/workspace posting capability.

Skill content

"feishu": { "webhook_url": "https://open.feishu.cn/open-apis/bot/v2/hook/xxx", "chat_id": "oc_xxx" }

Recommendation

Use a dedicated low-privilege Feishu bot/webhook, keep the webhook secret, and verify the destination chat before enabling scheduled pushes.

What this means

If scheduled, the skill can continue collecting and posting daily until the scheduler or task entries are stopped.

Why it was flagged

The install guide documents recurring scheduled execution for collection and posting. This is disclosed and purpose-aligned, but it creates ongoing automated behavior.

Skill content

schtasks /create /tn "AI-News-Collect" /tr "python scripts/collect_ai_news.py" /sc daily /st 06:00
schtasks /create /tn "AI-News-Push" /tr "python scripts/push_to_feishu.py" /sc daily /st 08:00

Recommendation

Only enable scheduling intentionally, monitor the first few runs, and know how to stop the scheduler or remove the scheduled tasks.