Skill v1.0.0

ClawScan security

News Sum · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Apr 14, 2026, 5:15 PM
Verdict: Review
Confidence: high
Model: gpt-5-mini
Summary
The skill's overall design (news aggregation and optional email delivery) is coherent, but the runtime instructions ask the agent to run an email-sending CLI and spawn subagents without declaring the required binary or credentials and contain some inconsistent and potentially unsafe shell usage — the mismatches should be resolved before installing.
Guidance
Before installing or enabling this skill, verify these points:
(1) Confirm how email sending will be authenticated: the SKILL.md uses 'gog gmail send' but the skill declares no required binary or any credentials. Ask the author where 'gog' comes from and what credentials it needs. Do not provide broad Gmail/SMTP credentials until you trust the CLI and source.
(2) Resolve the contradiction about temporary files: the skill says 'convert in memory, no temp files' but also attaches a file path. Ensure attachments are created only in a controlled workspace path.
(3) Command injection risk: the send command interpolates user-supplied EmailTarget and HTML into a shell command. Make sure placeholders are properly escaped, or use an API/SDK instead of raw shell formatting.
(4) Review privacy: the skill will fetch many web pages (English + Chinese results) and may include scraped content in outgoing emails. Confirm you are comfortable with that data leaving your agent.
(5) If you proceed, require the author to declare the exact binary dependency and the minimal credential scope (e.g., a dedicated, limited-scope SMTP account or OAuth token), or modify the skill to use the platform's audited mail API to avoid shell/credential issues.

Review Dimensions

Purpose & Capability (concern)
The skill claims to collect news and optionally send it by email, which is reasonable. However, the SKILL.md instructs the agent to run the external CLI command 'gog gmail send' to deliver mail, yet the skill declares no required binaries and no credentials. Sending mail normally requires an authenticated mail client or credentials; that capability is not declared. This is an incoherence between the claimed purpose and the requested/declared resources.
Instruction Scope (concern)
Instructions read and write workspace files and spawn subagents for reporters/editors (reasonable for an aggregator). Concerns:
(1) Contradictory guidance: 'convert markdown to HTML in memory, do not generate temporary files' vs. the send command that uses --attach pointing to a file path (implies a file must exist).
(2) The email send uses a shell command with user-supplied placeholders (--to="{EmailTarget}" and --body-html="$(printf '%s' '{HTML内容}')"); if placeholders are not properly escaped, this creates command-injection risk.
(3) It relies on platform tools 'web_search' and 'fetch__fetch' (expected), but these will perform broad web fetching; acceptable for the stated purpose, but it increases the data fetched/transmitted.
Install Mechanism (ok)
No install spec (instruction-only): lowest install risk. Nothing is being downloaded or written by an installer in this skill bundle.
Credentials (concern)
The skill declares no required environment variables or credentials, yet runtime steps require authenticated email delivery (gog gmail send) and potentially access to web fetching services. The lack of declared credentials (e.g., a Gmail OAuth token, SMTP credentials, or a configured 'gog' CLI) is disproportionate to the email-delivery capability and is a notable omission.
Persistence & Privilege (ok)
always:false and user-invocable:true (defaults): no forced always-on privilege. The skill instructs spawning subagents (sessions_spawn), which is normal for complex multi-step agents; nothing in the bundle requests persistent system-wide changes or modifies other skills' configuration.