ClawHub
Back to skill
v1.0.0

Ai News Collectors 1.0.0

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:08 AM.

Analysis

This is a coherent instruction-only AI news gathering skill that browses public sources and has no code, credentials, persistence, or local data access.

GuidanceThis appears safe for public AI news summaries. Expect it to browse multiple public sources and include links; double-check important news items because web content can be incomplete or wrong.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
多维度分层搜索(最少 8 次,建议 10-12 次)... 发现周报后,用 web_fetch 获取全文

The skill explicitly directs repeated web searches and page fetching. This is expected for a news aggregation skill, but it is still external tool use against public web content.

User impactThe agent may spend time browsing several public sites and may summarize untrusted or inaccurate web content.
RecommendationUse it for public news gathering, and verify important claims against the linked sources before relying on them.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceMediumStatusNote
_meta.json
"ownerId": "kn7fr165ff9vkkwsqyqrq2nwas80t4ev", "slug": "ai-news-collectors"

The embedded metadata differs from the registry owner/slug shown in the evaluation header, and the listing provides no source homepage. Because the skill is instruction-only with no executable code, this is a provenance note rather than a behavioral concern.

User impactThe skill's origin is not fully clear, although there is no code or install step that would run on the user's machine.
RecommendationIf provenance matters, confirm the publisher before installing; otherwise the artifact itself does not show unsafe install behavior.