Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

tech-news-bulletin

v1.0.0

Collect latest technology and AI news from RSS feeds AND the TLDR.tech AI newsletter, merge them into a unified daily digest, and send via email.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The name/description align with the code: it fetches RSS and TLDR pages, merges/deduplicates, summarizes, and sends an HTML email. However there is a clear metadata mismatch: the registry metadata listed no required env vars, while SKILL.md (and the script) require SMTP credentials (SMTP_EMAIL/SMTP_PASSWORD). Also the script hardcodes a list of recipient email addresses, which is not justified by the generic 'send via email' description and may indicate the publisher intended to send digests to specific third-party recipients.
! Instruction Scope
SKILL.md instructs running a script at a hardcoded user path (/home/juniarto/.openclaw/...), tails /tmp/openclaw-debug.log, and suggests a cron job payload. The code itself fetches external URLs (RSS feeds, tldr.tech) and posts article text to an Ollama generation endpoint at a hardcoded internal IP (http://172.20.86.203:11434). The instructions and code also require editing the script to customize EMAIL_ADDRESSES, but the shipped default contains organization-specific emails — meaning if a user runs this without editing, content will be emailed to those addresses. All of the above extend the skill's scope into network communications and potential data transmission beyond the user's control.
Install Mechanism
This is an instruction-only skill with no install spec; the SKILL.md asks the user to pip install a small handful of Python packages (feedparser, requests, beautifulsoup4). That is proportionate to the described functionality and is lower risk than downloading/executing arbitrary archives.
! Credentials
Sending email legitimately needs SMTP credentials, and SKILL.md/installation instructions require SMTP_EMAIL and SMTP_PASSWORD. But the registry metadata did not declare these env vars, creating an inconsistency. Additionally, the script does not require any other credentials but will send content to a hardcoded recipient list (organization emails) and send article text to a hardcoded Ollama endpoint on a private IP — both of which could leak content. The use of an internal IP for summarization is not explained or configurable through environment variables, reducing user control over where content is sent.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. The cron example is user-supplied and not automatically installed by the skill. The script writes logs to /tmp/openclaw-debug.log (expected for debugging) but does not appear to change other skills' configs or request persistent platform-level privileges.
What to consider before installing
Before installing or running this skill, consider the following:
- Do not run it unmodified. The shipped script contains a hardcoded list of recipient emails; if you run it as-is the digest will be emailed to those addresses. Replace or remove EMAIL_ADDRESSES before use.
- The registry metadata omitted required env vars, but SKILL.md and the script expect SMTP_EMAIL and SMTP_PASSWORD. Ensure you set an appropriate SMTP account with limited permissions (use an app-specific password or a dedicated sending account) and never reuse a high-privilege credential.
- The summarization request is POSTed to a hardcoded internal IP (http://172.20.86.203:11434). That endpoint will receive the article text (up to the truncated length the script sends). If you don't control/recognize that host, do not run the summarization or change the code to point to a trusted model endpoint or disable remote summarization.
- The script logs to /tmp/openclaw-debug.log and SKILL.md suggests running a command at a hardcoded home path (/home/juniarto/...). Update paths to your environment to avoid accidental disclosure of your filesystem layout or relying on author-specific paths.
- Audit the code paths that fetch pages (tldr.tech, RSS feeds) and the summarizer call, and consider running the script in an isolated environment (container or VM) until you are comfortable with its behavior.
- If you need this functionality but want to minimize risk: remove the hardcoded recipients, make the Ollama endpoint configurable via environment variables (and default to disabled), and verify the SMTP usage with a disposable sending account.

Given the hardcoded recipients and the non-configurable internal summarization endpoint, treat this skill as potentially leaking content unless you explicitly review and modify those parts.

Like a lobster shell, security has layers — review code before you run it.



Runtime requirements

📬 Clawdis
Bins: python3
Environment variables:
SMTP_EMAIL (required)
SMTP_PASSWORD (required)
