Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (real-time RSS monitoring and a TextBlob-based 'unreliable' predictor) match the included scripts, README, requirements, and runtime instructions. The listed dependencies (requests, feedparser, beautifulsoup4, textblob) are appropriate for the stated functionality.
Instruction Scope
SKILL.md and README only instruct installing Python deps and running scripts in the skill folder; the runtime instructions do not request unrelated files, env vars, or external endpoints beyond RSS feeds. Note: the monitor may read a local cache file logs/live_news_cache.json if RSS fetch fails—this is contained to the skill directory but worth noting.
Install Mechanism
There is no external install spec in the registry; the bundle contains an install_deps.py helper that runs pip install -r requirements.txt and calls textblob.download_corpora. This is a standard, expected approach for Python projects. The installer will reach out to the network to fetch packages and corpora (normal but requires caution).
Credentials
The skill requests no environment variables, credentials, or config paths. All network access is to public RSS feeds and PyPI/corpora download; no secrets or unrelated service tokens are requested.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and has no privileged persistence. It creates/uses a logs directory inside its own scripts folder only.
Assessment
This package appears coherent for its stated purpose. Consider these precautions before running: 1) Run install_deps.py and the scripts inside an isolated Python environment (virtualenv/container) because pip installs and TextBlob corpus downloads execute network actions and Python package code. 2) The HTTP requests in scripts use verify=False (SSL verification disabled) which increases risk of man-in-the-middle tampering of fetched RSS content; avoid running on highly sensitive networks or adjust the code to enable certificate verification. 3) The monitor writes/reads a logs/live_news_cache.json file inside the skill folder — review any cached data before sharing. 4) Inspect the requirements and ensure you trust the PyPI packages being installed. If you want higher assurance, run the scripts in a disposable environment and/or review/modify the verify=False line to verify HTTPS certificates.Like a lobster shell, security has layers — review code before you run it.
latestvk97e886adxc8w8g1gv35z8k9fn83xvtz
License
MIT-0
Free to use, modify, and redistribute. No attribution required.