newsnow

v1.0.1

CLI tool to fetch trending news and hot topics from 66 sources across 44 platforms. Returns structured news items with titles, URLs, and metadata. USE FOR: -...

⭐ 0· 290·0 current·0 all-time

by郭立lee@leeguooooo·fork of @sorrycc/newsnow (1.0.0)

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

✓

Purpose & Capability

The named sources, commands, and the single env var (PRODUCTHUNT_API_TOKEN) line up with a CLI that fetches trending news from many platforms. The declared functionality is internally consistent with the listed sources.

ℹ

Instruction Scope

SKILL.md instructs the agent to run the 'newsnow' CLI (or use 'npx newsnow') and only references PRODUCTHUNT_API_TOKEN; it does not request unrelated files, secrets, or system paths. However, using npx means the agent will fetch and execute code from the npm registry at runtime, which expands the skill's effective surface beyond the static instructions.

Install Mechanism

There is no install spec in the registry entry; the README tells users/agents to use npm or npx. npx will fetch and execute a package from the public npm registry on demand — this can run arbitrary code. Combined with the skill having no homepage/source to validate provenance, this is a notable installation risk.

✓

Credentials

Only one environment variable is mentioned (PRODUCTHUNT_API_TOKEN), which is appropriate for the Product Hunt source. No unrelated credentials or broad environment access are requested.

✓

Persistence & Privilege

The skill does not request permanent presence (always:false) and does not modify other skills or system-wide config. It appears not to require elevated persistence or privileges.

What to consider before installing

The skill appears to do what it says, but exercise caution before running it: the SKILL.md expects you to run 'npm install' or 'npx newsnow' which will fetch and execute code from npm. Because there is no source repository or homepage listed, you cannot easily audit the package beforehand. Before installing or running: (1) prefer a package with a linked repository/homepage and inspect its code; (2) run npx/npm commands in a sandbox/container or isolated environment; (3) only provide PRODUCTHUNT_API_TOKEN if you trust the package; and (4) consider reaching out to the publisher or searching the npm registry for the package name and publisher reputation. These steps reduce risk from untrusted runtime code execution.

Like a lobster shell, security has layers — review code before you run it.

latestvk978yza9xxm07fea19hcffdp9x82b266

290downloads

0stars

1versions

Updated 1mo ago

v1.0.1

MIT-0

newsnow CLI

Fetch trending news and hot topics from 66 sources across 44 platforms. Returns news items with title, URL, and optional metadata.

Run newsnow --help for usage details.

Workflow

Follow this pattern:

List - Don't know what sources are available? List them first.
Fetch - Know the source? Fetch news directly.
JSON - Need structured data? Add --json for machine-readable output.

Need	Command	When
See all sources	`newsnow list`	Don't know source names
See sources as JSON	`newsnow list --json`	Need source list programmatically
Get news	`newsnow <source>`	Know the source, want readable output
Get news as JSON	`newsnow <source> --json`	Need structured data for processing

Commands

list

List all available sources.

newsnow list
newsnow list --json

Fetch a source

newsnow hackernews
newsnow hackernews --json

Output fields (JSON mode):

id - Unique item identifier
title - News headline
url - Link to the article (optional)
pubDate - Publication date (optional)
extra - Additional metadata like view counts, comments (optional)

Sources

66 source endpoints across 44 platforms:

Platform	Sources
36kr	`36kr`, `36kr-quick`, `36kr-renqi`
Baidu	`baidu`
Bilibili	`bilibili`, `bilibili-hot-search`, `bilibili-hot-video`, `bilibili-ranking`
Cankaoxiaoxi	`cankaoxiaoxi`
Chongbuluo	`chongbuluo`, `chongbuluo-hot`, `chongbuluo-latest`
CLS	`cls`, `cls-telegraph`, `cls-depth`, `cls-hot`
Coolapk	`coolapk`
Douban	`douban`
Douyin	`douyin`
Fastbull	`fastbull`, `fastbull-express`, `fastbull-news`
FreeBuf	`freebuf`
Gelonghui	`gelonghui`
Ghxi	`ghxi`
GitHub	`github`, `github-trending-today`
Hacker News	`hackernews`
Hupu	`hupu`
iFeng	`ifeng`
iQIYI	`iqiyi-hot-ranklist`
ITHome	`ithome`
Jin10	`jin10`
Juejin	`juejin`
Kaopu	`kaopu`
Kuaishou	`kuaishou`
LinuxDo	`linuxdo`, `linuxdo-latest`, `linuxdo-hot`
MktNews	`mktnews`, `mktnews-flash`
Nowcoder	`nowcoder`
PCBeta	`pcbeta-windows`, `pcbeta-windows11`
Product Hunt	`producthunt`
QQ Video	`qqvideo-tv-hotsearch`
SMZDM	`smzdm`
Solidot	`solidot`
Sputnik News CN	`sputniknewscn`
SSPai	`sspai`
Steam	`steam`
Tencent	`tencent-hot`
The Paper	`thepaper`
Tieba	`tieba`
Toutiao	`toutiao`
V2EX	`v2ex`, `v2ex-share`
Wall Street CN	`wallstreetcn`, `wallstreetcn-quick`, `wallstreetcn-news`, `wallstreetcn-hot`
Weibo	`weibo`
Xueqiu	`xueqiu`, `xueqiu-hotstock`
Zaobao	`zaobao`
Zhihu	`zhihu`

Source Selection Guide

Category	Recommended Sources
Tech	`hackernews`, `github`, `v2ex`, `juejin`, `ithome`, `linuxdo`
Finance	`xueqiu`, `wallstreetcn`, `cls`, `jin10`, `gelonghui`, `fastbull`
General News	`toutiao`, `baidu`, `thepaper`, `ifeng`, `zaobao`, `cankaoxiaoxi`
Social/Trending	`weibo`, `douyin`, `bilibili`, `zhihu`, `tieba`, `douban`
Security	`freebuf`
Product/Design	`producthunt`, `sspai`

Environment Variables

PRODUCTHUNT_API_TOKEN - Required for producthunt source

Known Limitations

linuxdo, linuxdo-latest, linuxdo-hot may return 403 Forbidden (Cloudflare)
Some Chinese sources may be inaccessible from outside mainland China

Working with Results

newsnow hackernews --json | jq '.[].title'
newsnow hackernews --json | jq '.[:5]'
newsnow weibo --json | jq '.[] | "\(.title) \(.url)"'

Prefer npx newsnow <source> --json when the CLI is not installed globally.

Comments

Loading comments...