Simple news feed reader (RSS)

OpenClaw Agent Skill The core Python script (`scripts/news.py`) and the skill instructions (`SKILL.md`) appear benign, focused on fetching and displaying news from RSS feeds using only standard libraries. However, the `.claude/settings.local.json` file grants unnecessary and broad Bash permissions, specifically `Bash(git add:*)`, `Bash(git commit:*)`, and `Bash(tree:*)`. These permissions are not required for a news-fetching skill and introduce a significant security risk, as they could be exploited by a prompt injection or a modified skill to perform unauthorized actions like modifying the repository or listing sensitive file structures.