News Aggregator Skill
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: news-aggregator-skill-4 Version: 0.1.0 The `SKILL.md` file instructs the AI agent to automatically expand user-provided keywords (e.g., 'AI' to 'AI,LLM,GPT,...') before passing them to the `fetch_news.py` script. This is a form of prompt injection where the agent modifies user input based on internal instructions. While the immediate objective of this keyword expansion is benign (improving search results), it demonstrates a risky capability for the agent to alter user input, which could be a vector for injecting unintended arguments or commands under different instructions. Additionally, the skill involves downloading and parsing content from external websites via the `--deep` flag, which is a high-risk operation, though necessary for its stated purpose.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may not run as described, or an agent/user may need to locate or provide code that was not included in the package.
The skill references helper/template files, but the supplied manifest contains only SKILL.md and no install spec, so the runnable implementation and template provenance are not present in the reviewed artifacts.
python3 scripts/fetch_news.py --source all --limit 15 --deep ... READ the content of `templates.md` in the skill directory
Before executing, verify that scripts/fetch_news.py and templates.md are present, expected, and from a trusted source.
A report may include supplementary older stories even when the user asked for a strict recent time range.
For sparse time-window queries, the skill tells the agent to include older items beyond the user's requested window, although it also requires those items to be clearly annotated.
If the list is short, you MUST include high-value/high-heat items from a wider range (e.g. past 24h)
If strict filtering matters, ask explicitly for only items within the requested time window and review any annotations on older items.
Local report files may remain after use and could reveal the news topics or briefings the user requested.
The skill creates persistent local report files containing generated summaries and links; this is scoped and purpose-aligned, but it leaves durable output on disk.
Always save the full report to `reports/` directory with a timestamped filename
Store reports only where appropriate and delete old reports if the topics or generated briefings are sensitive.