Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the code: both fetch Solidot articles and push or save content. However, the skill metadata declares no required binaries while the runtime scripts call external CLIs (openclaw browser commands and a feishu_doc CLI). That mismatch is an incoherence — those binaries/tools are needed for full functionality but are not declared.
Instruction Scope
SKILL.md limits runtime actions to running fetch.sh (or cron) and optionally setting FEISHU_DOC_TOKEN. The scripts only visit solidot.org (via browser or direct HTTP), build message content, and either write locally or attempt to write to a Feishu document. They do not read unrelated system files or transmit data to unexpected remote hosts.
Install Mechanism
No install spec (instruction-only plus bundled scripts). Nothing is downloaded or written by an installer; risk is low from install mechanism.
Credentials
The skill does not declare required env vars in registry metadata, but both SKILL.md and scripts accept FEISHU_DOC_TOKEN (and the shell script references FEISHU_APP_ID/FEISHU_APP_SECRET). Those env vars are proportional to pushing to Feishu, but the omission from metadata is an inconsistency the user should be aware of.
Persistence & Privilege
always is false and the skill does not request permanent presence or modify other skills or global agent settings. It may be invoked autonomously (default), which is normal.
Assessment
This skill is internally consistent with its stated purpose — it scrapes solidot.org and prepares a Feishu doc. Before installing: (1) be aware the scripts expect the openclaw browser commands and a feishu_doc CLI to be available (these are not declared in the registry metadata); if you don't have them the push step will fall back to saving locally. (2) The Python parser has a likely typo (a 'shref' regex) and may fail to extract articles — expect brittle parsing. (3) If you configure FEISHU_DOC_TOKEN, ensure the token's scope is limited to the document/space you intend; treat tokens like secrets. (4) Because the shell script starts a browser and navigates pages, run this in a trusted/sandboxed agent if you are concerned about browser-based actions. If you want higher assurance, review or run the scripts locally first and verify the presence and behavior of openclaw and feishu_doc CLIs.Like a lobster shell, security has layers — review code before you run it.
latestvk9777ecpzsq8k5n3203rwzjcc5836av6
License
MIT-0
Free to use, modify, and redistribute. No attribution required.