Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Panews

v0.2.2

Entry point for reading PANews cryptocurrency / blockchain news and market narratives. Triggers: today's headlines, breaking news, trending rankings, article...

0 · 186 · 0 current · 0 all-time
by Seven Du (@medz)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (PANews reader) align with the workflows and the included CLI commands (list-articles, get-article, search-articles, get-hooks, etc.). No environment variables, binaries, or config paths are requested that would be unrelated to a news-reader skill.
Instruction Scope
SKILL.md restricts content to PANews reporting and provides explicit, scoped workflows for searches, briefings, and article reads. However, it instructs the agent to execute a local Node CLI (node {Skills Directory}/panews/scripts/cli.mjs). Running that CLI gives the skill the ability to execute arbitrary JS on the host environment (network I/O, file access, environment access) — which is consistent with fetching news but broad in practice. The SKILL.md also contains a detected 'unicode-control-chars' injection signal, meaning there may be invisible characters in the text that could be hiding instructions or manipulations; that is unexpected for a normal documentation file.
Install Mechanism
No install spec (instruction-only) and the JS CLI is bundled inside the skill (scripts/cli.mjs). Bundling the executable is fine for an instruction-driven skill, but because the CLI is a large executable that will run locally, reviewers should inspect it for network endpoints, file I/O, or child_process usage. There are no external download URLs or extract steps, which reduces supply-chain risk.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. That is proportionate for a read-only news reader. However, running the bundled CLI could still access process.env or local files if its code chooses to — the SKILL.md does not request or justify any secrets.
Persistence & Privilege
always is false, and the agent policy allows implicit invocation (allow_implicit_invocation: true), which is typical for skills. The skill does not request elevated or persistent system-level privileges in the metadata. There is no install step that modifies other skills or system configuration.
Scan Findings in Context
[unicode-control-chars] unexpected: SKILL.md contained unicode control characters. These are not expected in normal documentation and can be used to hide or obfuscate content (prompt-injection attempts). Recommend viewing the raw file with hidden characters revealed before trusting the skill.
What to consider before installing
This skill appears to be a coherent PANews reader: the SKILL.md workflows and bundled CLI implement article search, rankings, events, and briefings. However, before installing:
1) Inspect scripts/cli.mjs in full for network endpoints, calls to eval/child_process, direct fs reads, or usages of process.env — look for 'fetch', 'https', 'http', 'require("child_process")', 'exec', 'spawn', 'fs.readFile', and direct references to process.env keys.
2) Open SKILL.md in a text editor that can reveal invisible characters (zero-width/Unicode control chars) and remove or verify them — the scan flagged such characters.
3) Prefer running the CLI in a restricted sandbox first (no secrets, network controls) to observe behavior.
4) If you do not trust the publisher or cannot review the CLI code, do not enable autonomous invocation or install the skill.
5) Ask the publisher for source repository or homepage and a signed release; absence of an authoritative source reduces trust.
If you want, I can scan the full CLI text for suspicious patterns (network calls, exec, env usage) — provide the full file content and I will analyze it.
scripts/cli.mjs:19: Potential obfuscated payload detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.


latest: vk972qvzxvemje72k8bckfkt25d83jc7t

