Common-Fetcher
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You would be relying on an npm package without an obvious project source in the reviewed artifacts.
The registry metadata does not provide an upstream source or homepage, so the declared npm package has limited provenance information in the supplied artifacts.
Source: unknown Homepage: none
Verify the npm package publisher, package contents, and version before installing, especially in sensitive environments.
The skill may contact many configured websites or APIs and create local output files.
The skill is designed to make external RSS/web/API requests and write report files, including from a custom source configuration. This is expected for the stated purpose but should remain user-controlled.
多源支持: RSS、网页抓取、API 集成 ... common-fetcher --config custom-sources.json --output daily.md
Use trusted source configuration files, confirm output paths, and ensure collection complies with site/API rules.
Summaries or classifications could reflect misleading or adversarial content from fetched sources.
The skill describes AI processing and caching of fetched content. Retrieved web/API content is untrusted and could influence generated scores, categories, or summaries.
AI 处理: 自动评分、分类、摘要生成 ... Cache Manager
Treat fetched content and generated summaries as untrusted information; verify important claims before acting on them.
If you enable the example schedule, the skill can continue fetching data on a recurring basis.
The OpenClaw integration example includes a user-configured daily schedule. This is disclosed and optional, but it would make the fetcher run periodically if enabled.
"schedule": "0 8 * * *"
Enable schedules only when you want recurring collection, and keep a clear way to disable or change them.