ClawHub
Back to skill
v1.0.0

soulmd-newsletter

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:02 AM.

Analysis

The skill appears to only fetch and show a public newsletter, with a small local state file and a packaging inconsistency users should verify.

GuidanceThis looks safe for its stated purpose of reading a public RSS feed. Before installing, be aware that it will contact Buttondown, may leave a small state file in your home directory if checking for new editions, and has a malformed script artifact that should be verified or fixed by the publisher.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityInfoConfidenceHighStatusNote
SKILL.md
RSS_URL = "https://buttondown.com/soulmd/rss" ... urllib.request.urlopen(req, timeout=10)

The skill performs an outbound HTTP request to the disclosed newsletter RSS feed. This is central to the stated purpose and no unrelated endpoint or credential use is shown.

User impactInvoking the skill contacts Buttondown to retrieve the public SoulMD RSS feed and displays the returned newsletter content.
RecommendationUse it if you are comfortable with that network request, and treat displayed newsletter text as content rather than instructions for the agent.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
scripts/fetch_latest.py
**File 2: Inside `soul-md`, create a folder called `scripts`, then create `fetch_latest.py` with this content:** ... print(f"TITLE: {latest['title']}

The script file is not a clean Python file; it includes markdown instructions and appears incomplete, while SKILL.md contains a separate complete script. This creates packaging ambiguity, though not evidence of malicious behavior.

User impactThe skill may fail to run as packaged or may not match what a user expects from the manifest.
RecommendationVerify the installed file contents or ask the publisher to republish a clean, complete script before depending on this skill.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityInfoConfidenceHighStatusNote
SKILL.md
STATE_FILE = Path.home() / ".openclaw" / "soul-md-state.json" ... save_state({"last_seen_link": latest["link"], "last_checked": datetime.utcnow().isoformat()})

The optional new-edition check persists the last seen newsletter link and a timestamp in the user's home directory. The stored data is limited and purpose-aligned, but it is persistent local state.

User impactA small local file can remain after use, recording the last newsletter link the skill checked.
RecommendationIf you do not want persistent state, avoid the `--check-new` mode or delete `~/.openclaw/soul-md-state.json` after use.