ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

News Aggregator Skill

Comprehensive news aggregator that fetches, filters, and deeply analyzes real-time content from 8 major sources: Hacker News, GitHub Trending, Product Hunt, 36Kr, Tencent News, WallStreetCN, V2EX, and Weibo. Best for 'daily scans', 'tech news briefings', 'finance updates', and 'deep interpretations' of hot topics.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
6 · 2.3k · 8 current installs · 8 all-time installs
by@nanjolnoring
duplicate of @tonyliu9189/news-aggregator-skill-2
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The description promises fetching and deep-analysis across 8 sources using scripts (e.g., scripts/fetch_news.py) and file templates, but the package contains no code or templates. The skill does not declare any required binaries or credentials even though some sources (Weibo/Tencent) often require auth or special scraping. The claimed capabilities therefore are not matched by the manifest.
!
Instruction Scope
SKILL.md tells the agent to run local scripts, read templates.md in the skill directory, save full reports under reports/, and perform 'deep' fetching that downloads and extracts main article text. Because those files are absent, the instructions are internally inconsistent. The instructions also mandate automatic keyword expansion and broad fetching strategies that could cause extensive external requests and storage of scraped content — behavior not constrained or justified in the metadata.
Install Mechanism
There is no install spec and no code files — lowest installation surface. That is safer from an installation-exec perspective, but also means the instructions are non-actionable as-distributed (they reference scripts that are not present).
Credentials
The skill requests no environment variables or credentials (proportionate on its face). However, the instructions imply reading local files (templates.md) and writing reports to disk, and performing deep downloads/extraction of external content: these are I/O privileges not declared in metadata. Also, some target sources (Weibo/Tencent) may require cookies or tokens in practice — the skill doesn't declare or justify those.
Persistence & Privilege
The skill does not set always:true and has no explicit disableModelInvocation setting (so default model-invocable behavior applies). This is normal, but because the skill promises broad autonomous fetching and deep scraping, you should be aware the model could invoke it without extra user prompts unless higher-level agent policies prevent that.
What to consider before installing
This package is missing the scripts and templates it instructs the agent to run and read. Before installing or enabling: (1) Ask the publisher for the missing files (scripts/fetch_news.py, templates.md, any scripts referenced) so you can review them — especially the 'deep' fetching logic that downloads and extracts article content. (2) Confirm whether any credentials/cookies are needed for sources like Weibo/Tencent and why those are not declared. (3) If you plan to run it, run the code in a sandbox and inspect network behavior (which domains are contacted, whether it follows arbitrary links, and whether it uploads data elsewhere). (4) Consider requiring the skill be user-invocable only or disabling autonomous invocation until you vet the implementation. Given the current mismatch between claims and provided files, do not grant broad runtime trust yet.

Like a lobster shell, security has layers — review code before you run it.

Current versionv0.1.0
Download zip
latestvk97dcga5hsrscsr9g174tv5s9580eadm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

News Aggregator Skill

Fetch real-time hot news from multiple sources.

Tools

fetch_news.py

Usage:

### Single Source (Limit 10)
```bash
### Global Scan (Option 12) - **Broad Fetch Strategy**
> **NOTE**: This strategy is specifically for the "Global Scan" scenario where we want to catch all trends.

```bash
#  1. Fetch broadly (Massive pool for Semantic Filtering)
python3 scripts/fetch_news.py --source all --limit 15 --deep

# 2. SEMANTIC FILTERING:
# Agent manually filters the broad list (approx 120 items) for user's topics.

Single Source & Combinations (Smart Keyword Expansion)

CRITICAL: You MUST automatically expand the user's simple keywords to cover the entire domain field.

  • User: "AI" -> Agent uses: --keyword "AI,LLM,GPT,Claude,Generative,Machine Learning,RAG,Agent"
  • User: "Android" -> Agent uses: --keyword "Android,Kotlin,Google,Mobile,App"
  • User: "Finance" -> Agent uses: --keyword "Finance,Stock,Market,Economy,Crypto,Gold"
# Example: User asked for "AI news from HN" (Note the expanded keywords)
python3 scripts/fetch_news.py --source hackernews --limit 20 --keyword "AI,LLM,GPT,DeepSeek,Agent" --deep

Specific Keyword Search

Only use --keyword for very specific, unique terms (e.g., "DeepSeek", "OpenAI").

python3 scripts/fetch_news.py --source all --limit 10 --keyword "DeepSeek" --deep

Arguments:

  • --source: One of hackernews, weibo, github, 36kr, producthunt, v2ex, tencent, wallstreetcn, all.
  • --limit: Max items per source (default 10).
  • --keyword: Comma-separated filters (e.g. "AI,GPT").
  • --deep: [NEW] Enable deep fetching. Downloads and extracts the main text content of the articles.

Output: JSON array. If --deep is used, items will contain a content field associated with the article text.

Interactive Menu

When the user says "news-aggregator-skill 如意如意" (or similar "menu/help" triggers):

  1. READ the content of templates.md in the skill directory.
  2. DISPLAY the list of available commands to the user exactly as they appear in the file.
  3. GUIDE the user to select a number or copy the command to execute.

Smart Time Filtering & Reporting (CRITICAL)

If the user requests a specific time window (e.g., "past X hours") and the results are sparse (< 5 items):

  1. Prioritize User Window: First, list all items that strictly fall within the user's requested time (Time < X).
  2. Smart Fill: If the list is short, you MUST include high-value/high-heat items from a wider range (e.g. past 24h) to ensure the report provides at least 5 meaningful insights.
  3. Annotation: Clearly mark these older items (e.g., "⚠️ 18h ago", "🔥 24h Hot") so the user knows they are supplementary.
  4. High Value: Always prioritize "SOTA", "Major Release", or "High Heat" items even if they slightly exceed the time window.
  5. GitHub Trending Exception: For purely list-based sources like GitHub Trending, strictly return the valid items from the fetched list (e.g. Top 10). List ALL fetched items. Do NOT perform "Smart Fill".
    • Deep Analysis (Required): For EACH item, you MUST leverage your AI capabilities to analyze:
      • Core Value (核心价值): What specific problem does it solve? Why is it trending?
      • Inspiration (启发思考): What technical or product insights can be drawn?
      • Scenarios (场景标签): 3-5 keywords (e.g. #RAG #LocalFirst #Rust).

6. Response Guidelines (CRITICAL)

Format & Style:

  • Language: Simplified Chinese (简体中文).
  • Style: Magazine/Newsletter style (e.g., "The Economist" or "Morning Brew" vibe). Professional, concise, yet engaging.
  • Structure:
    • Global Headlines: Top 3-5 most critical stories across all domains.
    • Tech & AI: Specific section for AI, LLM, and Tech items.
    • Finance / Social: Other strong categories if relevant.
  • Item Format:
    • Title: MUST be a Markdown Link to the original URL.
      • ✅ Correct: ### 1. [OpenAI Releases GPT-5](https://...)
      • ❌ Incorrect: ### 1. OpenAI Releases GPT-5
    • Metadata Line: Must include Source, Time/Date, and Heat/Score.
    • 1-Liner Summary: A punchy, "so what?" summary.
    • Deep Interpretation (Bulleted): 2-3 bullet points explaining why this matters, technical details, or context. (Required for "Deep Scan").

Output Artifact:

  • Always save the full report to reports/ directory with a timestamped filename (e.g., reports/hn_news_YYYYMMDD_HHMM.md).
  • Present the full report content to the user in the chat.

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…