RSS & Atom Feed Generator

Pass. Audited by ClawScan on May 1, 2026.

Overview

This skill appears to do what it says (fetch a web page and generate RSS or Atom files), but users should be aware that it may use external fetching services, optional authenticated routes, or curl.

This skill is reasonable for generating feeds from public blogs or news pages. Before installing or using it, be aware that it may fetch URLs through external services or curl, may optionally use authenticated routes if available, and saves generated feed files to the output directory. Avoid private URLs, intranet pages, cookies, or authorization headers unless you explicitly want those sent through the selected fetch path.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may fetch the requested page through an external fetch tool or local curl, and optional headers could expose sensitive authorization data if used carelessly.

Why it was flagged

The skill gives the agent broad web-fetching options for user-provided URLs, including optional headers. This is necessary for feed generation, but it is a capability users should understand.

Skill content

Retrieve the target URL by invoking the `WEB_FETCH` function ... Use whichever available protocol applies — REST, MCP, OPAL, or curl. Required parameter: `url`. Optional: `headers`, `max_redirects`, `timeout_seconds`.

Recommendation

Use this skill mainly for public pages. Do not provide cookies, bearer tokens, or private intranet URLs unless you intentionally want them used for the fetch.

What this means

Target URLs and page content may be handled by linked external services rather than only by the local agent.

Why it was flagged

The skill can route page fetching through external services and agent/protocol endpoints. This is disclosed and related to the task, but it means URLs and fetched page content may pass through those services.

Skill content

Default Order

1. `WEB_FETCH` function via URIBurner REST
2. MCP via streamable HTTP or SSE
3. Authenticated LLM-mediated execution via `chatPromptComplete`
4. OPAL Agent routing

Recommendation

Prefer trusted fetch routes and avoid using this skill for private or confidential pages unless you are comfortable with the selected provider handling that content.

What this means

If the authenticated route is used, an existing API key or OAuth-backed credential could be used to perform the fetch or mediated execution.

Why it was flagged

The skill mentions optional use of authenticated credentials for one routing path even though no credential is required by metadata. This appears optional and purpose-aligned, but should be made explicit to the user at runtime.

Skill content

Treat as requiring authentication unless a valid API key or OAuth-backed credential is available.

Recommendation

Before using authenticated routes, confirm which credential will be used, what service receives the request, and whether the page content is appropriate to send there.