ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

News Aggregator Skill

Comprehensive news aggregator that fetches, filters, and deeply analyzes real-time content from 8 major sources: Hacker News, GitHub Trending, Product Hunt, 36Kr, Tencent News, WallStreetCN, V2EX, and Weibo. Best for 'daily scans', 'tech news briefings', 'finance updates', and 'deep interpretations' of hot topics.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
19 · 7.2k · 85 current installs · 90 all-time installs
by@cclank
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with the included Python scraper: the code fetches Hacker News, GitHub Trending, Product Hunt, 36Kr, Tencent, WallStreetCN, V2EX and Weibo and supports a '--deep' mode to download article text. No credentials or unrelated env vars are requested. The only mild mismatch: SKILL.md strongly pushes automatic expansive keyword expansion (making queries far broader than a user's simple request), which is a design choice that increases scope beyond a minimal aggregator.
!
Instruction Scope
SKILL.md contains strong 'MUST'/'CRITICAL' directives (auto-expansion of user keywords, 'Smart Fill' of items outside time windows, mandatory deep analysis for each item), instructs the agent to read templates.md and to save reports to reports/ (writes files). A pre-scan flagged 'unicode-control-chars' in SKILL.md (prompt-injection pattern) — this could be an attempt to manipulate agent behavior. The instructions also encourage broad fetching (Global Scan ~120 items) and deep fetching of article content, which may cause the agent to download and process many external pages beyond what the user explicitly asked for.
Install Mechanism
There is no automatic install spec — instruction-only with a Python script and a small requirements.txt (requests, beautifulsoup4). No arbitrary binary downloads or obscure installers detected. README suggests cloning from a GitHub repo (no homepage provided in registry metadata), so provenance is weak but installation mechanism itself is low-risk.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The code uses public HTTP endpoints only. This is proportional for a web-scraping news aggregator.
Persistence & Privilege
always:false (normal). The skill instructs saving generated reports to a reports/ directory (writing files to disk) — expected for a reporting tool but worth noting if you run in an environment containing sensitive data. It does not request to modify other skills or global agent configuration.
Scan Findings in Context
[unicode-control-chars] unexpected: Control/unicode injection characters were detected in SKILL.md. These are not necessary for a news-aggregator and may be intended to manipulate prompt parsing or agent behavior. Recommend inspecting SKILL.md and removing any invisible control characters.
What to consider before installing
This skill appears to implement the advertised aggregator, but exercise caution before installing: 1) Source provenance is weak (no homepage, repo ownership unclear) — prefer code from a known repository. 2) SKILL.md contains prompt-injection-like unicode control characters; inspect and remove them before use. 3) The skill's 'Global Scan' and automatic keyword expansion can fetch and analyze a large number of pages (including arbitrary article URLs discovered during scraping) — run it in a sandbox or container and avoid enabling autonomous invocation on agents that have access to sensitive systems. 4) If you will use '--deep', be aware it downloads page content (up to 3000 chars) which could include tracking code or sensitive snippets; consider disabling deep fetch or restricting to a whitelist of domains. 5) Review scripts/fetch_news.py for any hidden behavior (the provided code looks like standard scraping but audit the truncated parts, e.g., Product Hunt fetcher). 6) If you decide to proceed, restrict the skill's permissions, run it in an isolated environment, and monitor outbound network activity and files created under the reports/ directory.

Like a lobster shell, security has layers — review code before you run it.

Current versionv0.1.0
Download zip
latestvk971tfwrkk7qnx2sdwe5m0ne017zzw8h

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

News Aggregator Skill

Fetch real-time hot news from multiple sources.

Tools

fetch_news.py

Usage:

### Single Source (Limit 10)
```bash
### Global Scan (Option 12) - **Broad Fetch Strategy**
> **NOTE**: This strategy is specifically for the "Global Scan" scenario where we want to catch all trends.

```bash
#  1. Fetch broadly (Massive pool for Semantic Filtering)
python3 scripts/fetch_news.py --source all --limit 15 --deep

# 2. SEMANTIC FILTERING:
# Agent manually filters the broad list (approx 120 items) for user's topics.

Single Source & Combinations (Smart Keyword Expansion)

CRITICAL: You MUST automatically expand the user's simple keywords to cover the entire domain field.

  • User: "AI" -> Agent uses: --keyword "AI,LLM,GPT,Claude,Generative,Machine Learning,RAG,Agent"
  • User: "Android" -> Agent uses: --keyword "Android,Kotlin,Google,Mobile,App"
  • User: "Finance" -> Agent uses: --keyword "Finance,Stock,Market,Economy,Crypto,Gold"
# Example: User asked for "AI news from HN" (Note the expanded keywords)
python3 scripts/fetch_news.py --source hackernews --limit 20 --keyword "AI,LLM,GPT,DeepSeek,Agent" --deep

Specific Keyword Search

Only use --keyword for very specific, unique terms (e.g., "DeepSeek", "OpenAI").

python3 scripts/fetch_news.py --source all --limit 10 --keyword "DeepSeek" --deep

Arguments:

  • --source: One of hackernews, weibo, github, 36kr, producthunt, v2ex, tencent, wallstreetcn, all.
  • --limit: Max items per source (default 10).
  • --keyword: Comma-separated filters (e.g. "AI,GPT").
  • --deep: [NEW] Enable deep fetching. Downloads and extracts the main text content of the articles.

Output: JSON array. If --deep is used, items will contain a content field associated with the article text.

Interactive Menu

When the user says "news-aggregator-skill 如意如意" (or similar "menu/help" triggers):

  1. READ the content of templates.md in the skill directory.
  2. DISPLAY the list of available commands to the user exactly as they appear in the file.
  3. GUIDE the user to select a number or copy the command to execute.

Smart Time Filtering & Reporting (CRITICAL)

If the user requests a specific time window (e.g., "past X hours") and the results are sparse (< 5 items):

  1. Prioritize User Window: First, list all items that strictly fall within the user's requested time (Time < X).
  2. Smart Fill: If the list is short, you MUST include high-value/high-heat items from a wider range (e.g. past 24h) to ensure the report provides at least 5 meaningful insights.
  3. Annotation: Clearly mark these older items (e.g., "⚠️ 18h ago", "🔥 24h Hot") so the user knows they are supplementary.
  4. High Value: Always prioritize "SOTA", "Major Release", or "High Heat" items even if they slightly exceed the time window.
  5. GitHub Trending Exception: For purely list-based sources like GitHub Trending, strictly return the valid items from the fetched list (e.g. Top 10). List ALL fetched items. Do NOT perform "Smart Fill".
    • Deep Analysis (Required): For EACH item, you MUST leverage your AI capabilities to analyze:
      • Core Value (核心价值): What specific problem does it solve? Why is it trending?
      • Inspiration (启发思考): What technical or product insights can be drawn?
      • Scenarios (场景标签): 3-5 keywords (e.g. #RAG #LocalFirst #Rust).

6. Response Guidelines (CRITICAL)

Format & Style:

  • Language: Simplified Chinese (简体中文).
  • Style: Magazine/Newsletter style (e.g., "The Economist" or "Morning Brew" vibe). Professional, concise, yet engaging.
  • Structure:
    • Global Headlines: Top 3-5 most critical stories across all domains.
    • Tech & AI: Specific section for AI, LLM, and Tech items.
    • Finance / Social: Other strong categories if relevant.
  • Item Format:
    • Title: MUST be a Markdown Link to the original URL.
      • ✅ Correct: ### 1. [OpenAI Releases GPT-5](https://...)
      • ❌ Incorrect: ### 1. OpenAI Releases GPT-5
    • Metadata Line: Must include Source, Time/Date, and Heat/Score.
    • 1-Liner Summary: A punchy, "so what?" summary.
    • Deep Interpretation (Bulleted): 2-3 bullet points explaining why this matters, technical details, or context. (Required for "Deep Scan").

Output Artifact:

  • Always save the full report to reports/ directory with a timestamped filename (e.g., reports/hn_news_YYYYMMDD_HHMM.md).
  • Present the full report content to the user in the chat.

Files

5 total
Select a file
Select a file to preview.

Comments

Loading comments…