Skill v0.8.2

ClawScan security

HN Daily Brief · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 19, 2026, 8:11 AM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill does what it claims: it collects Hacker News items and article snippets, produces a materials JSON and expects an LLM to generate the final report; its requirements and code are proportionate to that purpose.
Guidance
This skill appears internally consistent and implements exactly what it says: it fetches Hacker News items and article pages, writes a structured materials JSON, and expects the LLM to produce the user-facing report. Before installing, consider: (1) it will make outbound HTTP requests to the HN API and to article URLs — if you run this in a restricted environment, allow those domains or change execution policies; (2) it writes files to the configured outputDir (default is inside the agent workspace) — change the path if you want files elsewhere or restrict write permissions; (3) the skill can be invoked by the agent (default), so decide whether you want autonomous scheduled runs in your environment; (4) the code is small and uses only the Python standard library, but you can review/step-through the two scripts to satisfy privacy or content concerns. If you want higher assurance, run the scripts in a sandboxed environment or set persist=false so outputs are only delivered in-chat.

Review Dimensions

Purpose & Capability
ok
Name/description (HN daily report with summaries and comment synthesis) match the included scripts and SKILL.md. The Python scripts fetch HN data and article snippets, produce a materials JSON, and validate final reports — all coherent with the stated purpose. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
ok
SKILL.md instructs collecting fresh HN top-N, building materials JSON, running an LLM to produce the final report, and optionally persisting files. The included scripts implement only the data-collection/materials-writing and validation steps. The skill fetches external web pages (article snippets) and writes output files to a workspace directory — expected for this functionality.
Install Mechanism
ok
There is no install spec (instruction-only with two small Python scripts). The scripts use only Python stdlib modules and perform no downloads or external package installs. This is low-risk and proportionate.
Credentials
ok
The skill requires no environment variables or credentials. It performs network requests to public HN API and article URLs (expected). Default outputDir points to an agent workspace, which is reasonable; users can override it if they prefer a different path.
Persistence & Privilege
ok
always:false (not force-enabled). The skill writes files only to the configured outputDir and updates an index file when persist=true — behavior described in SKILL.md and implemented in scripts. It does not modify other skills or system-wide settings.