ai-news-pipeline-new
PassAudited by ClawScan on May 1, 2026.
Overview
The skill coherently implements a disclosed RSS-to-report workflow, with expected local file writes, optional API credential use, and dependency installation that users should review.
Before installing, use a virtual environment for dependencies, provide only trusted RSS sources and model endpoints, keep API keys scoped, and review generated Excel/Word reports before sharing or relying on them.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing may add or upgrade Python packages in the selected environment.
The dependency file lists packages without version pins; SKILL.md instructs installing dependencies from this file before first use, so package resolution depends on the user's package index and environment.
openpyxl python-docx
Install in a virtual environment and pin or verify package versions if reproducibility or supply-chain control matters.
If AI generation is enabled, the model API key can authorize calls and may incur account usage or cost.
The script reads a user-provided model API key and sends it as a bearer token to the configured ARK model endpoint. This is expected for AI summary generation and no hardcoded or unrelated credential use is shown.
ARK_API_KEY = os.getenv("ARK_API_KEY", "").strip() ... "Authorization": f"Bearer {ARK_API_KEY}"Use a scoped API key where possible, confirm the model endpoint is trusted, and use --disable-ai when model calls are not needed.
Manipulated or low-quality feed items could affect generated titles, summaries, impact scores, and saved reports.
The workflow stores retrieved feed content and uses it as model context for generated summaries and scores. This is disclosed and purpose-aligned, but report quality depends on the trustworthiness of configured feeds.
reading user-configured RSS / Atom feeds ... calling a user-configured Volcengine model endpoint ... store raw and incremental collected news data; persist deduplication state
Use trusted RSS sources, review generated reports before relying on them, and manage retention of workspace data if feeds contain non-public content.