Skill v1.0.0

ClawScan security

Latte News Fetcher · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 9, 2026, 9:52 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill does what it says: a Node-based news fetcher that uses public archive/summary services and an optional Tavily API; its requirements and code match the description and there is no evidence of unrelated credential access or hidden network endpoints.
Guidance
This skill is internally consistent with its stated purpose. Before installing: (1) accept that its goal is to bypass paywalls — this has legal/ethical implications you should consider for your jurisdiction and organization; (2) if you want Tavily-powered searches, provide a TAVILY_API_KEY (the script expects it for Tavily functions and will error otherwise); (3) the skill may advise installing third-party browser extensions and changing DNS/settings to access archive services — do not follow those steps without understanding the risks; (4) review the included scripts (scripts/fetch_news.mjs) yourself to confirm behavior and to ensure network calls go only to services you trust; (5) consider running the skill in a restricted environment if you are concerned about unintended browsing actions. Overall the package contains no obvious hidden exfiltration or unrelated credential requests, but paywall-bypass guidance is operationally intrusive and should be used with caution.

Review Dimensions

Purpose & Capability
ok: Name/description (news fetching + paywall bypass) align with requested binaries (node), installed dependency (node-fetch), optional Tavily API key, and the included scripts. Writing a workspace CONFIG/news-preferences.md is coherent with the 'preferences' feature.
Instruction Scope
note: SKILL.md instructs the agent to use browser/web_fetch/tavily/smry.ai/archive.today/12ft.io and to read/write CONFIG/news-preferences.md — all consistent with the stated goal. It also contains operational advice that goes beyond simple fetching (e.g., instructing to change DNS, disable iCloud Private Relay, manually install bypass browser extensions, and asking users to log in). Those actions are potentially sensitive or legally/ethically questionable but are expressed as user-facing mitigation steps rather than hidden automation; still worth reviewing before use.
Install Mechanism
ok: Install spec is minimal (node dependency: node-fetch). No downloads from untrusted URLs or archive extraction; code files are included in the bundle. This is a low-risk install mechanism.
Credentials
ok: Only an optional TAVILY_API_KEY is referenced (declared in SKILL.md). No other tokens/credentials or unrelated environment variables are requested. The Node script will throw if Tavily functions are invoked without the key — marked optional in the metadata but worth noting to avoid runtime errors.
Persistence & Privilege
ok: always:false, user-invocable, and the only persistent write is the skill-specific CONFIG/news-preferences.md in the workspace — expected for storing user preferences. The skill does not request system-wide changes or other skills' configs.