Blogwatcher Moss
v1.0.0
Monitor blogs and RSS/Atom feeds for updates using the blogwatcher CLI.
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (monitor blogs/RSS) matches the declared requirement (a blogwatcher binary) and the SKILL.md commands (add, scan, list, read). No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md contains only usage and install instructions for the blogwatcher CLI. The runtime actions the agent is asked to perform are limited to invoking that CLI (e.g., blogwatcher scan, add, list). These commands will necessarily perform network requests (fetch feeds) and read/write the CLI's local storage (marking articles read) — behavior that matches the skill's purpose and is not out-of-scope for a feed watcher.
Install Mechanism
Install uses 'go install github.com/Hyaxia/blogwatcher/cmd/blogwatcher@latest', which fetches and builds code from GitHub. This is a common pattern but is moderate risk because it downloads and executes upstream source at @latest (moving target). Prefer pinning to a specific release or commit and/or reviewing the repository before installing. Also note a minor metadata mismatch: _meta.json.ownerId differs from the registry owner ID, which is worth verifying with the publisher.
Credentials
No environment variables, credentials, or config paths are required. The lack of sensitive requests is proportionate to a feed-watching CLI.
Persistence & Privilege
The skill is not forced-always and does not request system-wide config changes or elevated privileges. It can be invoked autonomously by the agent (platform default), which is expected for a user-invocable skill.
Assessment
This skill appears to be what it says: instructions are just how to install and use the blogwatcher CLI. The main risk is the install step: 'go install ...@latest' will fetch and compile upstream code at the latest tag/branch — that code could change between now and later. Before installing, review the GitHub repo (https://github.com/Hyaxia/blogwatcher), prefer a specific release or commit (not @latest), or use a prebuilt binary from a trusted source. Run the binary in a sandbox if you do not trust the publisher. Also verify the publisher identity (there is a small ownerId mismatch in _meta.json vs registry metadata). Finally, be aware the CLI will fetch external feeds (network access) and store/read local data (marking articles read), which is expected but relevant for privacy/security in constrained environments.
Like a lobster shell, security has layers — review code before you run it.
latest vk971cdb0kj8jeh038ycn861j1s82we3w
Runtime requirements
📰 Clawdis
Bins: blogwatcher
Install
Install blogwatcher (go)
Bins: blogwatcher
go install github.com/Hyaxia/blogwatcher/cmd/blogwatcher@latest