Simple RSS news feed

Pass

Audited by ClawScan on May 1, 2026.

Overview

This skill coherently fetches public RSS news headlines using a small Python script and shows no evidence of credential access, persistence, file mutation, or exfiltration.

This appears safe for a simple news-fetching skill. Before installing, be aware that invoking it will make outbound requests to public RSS providers, and that the AP feed uses rsshub.app as an intermediary.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the skill will contact external news/RSS services and return their feed content.

Why it was flagged

The script makes outbound HTTP requests, but only to hardcoded RSS feed URLs defined in the FEEDS table, which is directly aligned with the news-fetching purpose.

Skill content

    with urlopen(req, timeout=15) as resp:

Recommendation

Install only if you are comfortable with the agent fetching public news feeds over the network; treat returned headlines and summaries as external content, not instructions.

What this means

Requests for the AP feed may go to RSSHub rather than directly to AP, exposing normal request metadata such as IP address and user agent to that service.

Why it was flagged

The AP source is fetched through the third-party rsshub.app service, while the user-facing description simply lists AP as a source.

Skill content

    "ap": {
        "top":      "https://rsshub.app/apnews/topics/apf-topnews",
    }

Recommendation

Consider disclosing RSSHub as the AP feed provider or replacing it with a direct AP RSS endpoint if available.