RSS采集器 | RSS Fetcher
Review
Audited by ClawScan on May 10, 2026.
Overview
The RSS fetcher is mostly purpose-aligned, but its generated HTML report appears to embed untrusted RSS data in executable JavaScript/HTML without safe escaping.
Review and trim the default feed list before running. The RSS functionality is coherent, but avoid opening or relying on generated HTML reports from untrusted feeds until the report generator safely escapes RSS-derived titles, categories, tags, and URLs.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Opening the generated data/index.html after fetching a malicious or compromised RSS feed could run unwanted JavaScript in the browser, alter the report, or attempt to send report data elsewhere.
Database values populated from RSS content are serialized into a <script> block and later inserted with innerHTML, with no visible HTML/JavaScript escaping. json.dumps alone does not escape '<', '>' or '/', so a malicious feed title, category, or tag containing a closing </script> sequence could end the script block early and execute JavaScript when the generated local report is opened.
Evidence (excerpt):
    articles.append({ 'title': row['title'], 'url': row['url'], ... 'tags': tags_list })
    ...
    const articles = {json.dumps(articles, ensure_ascii=False)};
    ...
    selectedTagsContainer.innerHTML = selectedTags.map(tag => ` ... ${tag} ... onclick="removeTag('${tag}')" ... `).join('');
Recommendation: Escape RSS-derived data before embedding it in HTML or JavaScript. Use safe JSON-in-script escaping for '<', '>', '&', and '</script>', render text with textContent instead of innerHTML, sanitize tags/categories, validate URLs, and prefer trusted HTTPS feeds.
Feed owners or compromised feeds can influence the stored titles, tags, categories, and report content. If an agent later reads this data, it should not treat it as trusted instructions.
The skill fetches external RSS data, derives tags from feed categories/titles, and persists article metadata in its local database. This is expected for an RSS manager, but the stored content is untrusted external context.
Evidence (excerpt):
    with urlopen(req, timeout=15) as response:
        data = response.read().decode('utf-8', errors='ignore')
    ...
    tags.add(cat_clean)
    ...
    INSERT OR IGNORE INTO articles (id, source_id, category, title, url, author, published_at)
Recommendation: Treat fetched RSS content as untrusted data, clearly separate it from agent instructions, keep source labels visible, allow users to purge unwanted entries, and sanitize or escape content before reuse.
Running the default fetch may create many outbound network requests and store content from sources the user has not reviewed.
The default configuration includes a large number of external RSS sources, many of them enabled by default. Fetching external feeds is central to the skill, but it means that running the fetch command will contact multiple third-party domains.
Evidence (excerpt):
    "_total_sources": 131,
    "sources": [
      { "id": "simonwillison-rss", "url": "https://simonwillison.net/atom/everything/", "enabled": true },
      ...
    ]
Recommendation: Review config/sources.json before first use, disable unwanted sources, and use a conservative worker count if network volume or source trust is a concern.
