Hacker News Daily
v1.0.1Fetch and filter Hacker News top stories. Use when user asks for tech news, HN updates, daily news digest, or wants to set up automated HN fetching. Supports...
⭐ 0· 394·5 current·5 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (HN top stories, keyword filtering, caching) lines up with the included Python script and reference file which call the official Hacker News Firebase API and implement filtering/caching. No unrelated credentials, binaries, or system paths are requested.
Instruction Scope
SKILL.md instructs running scripts/fetch_hn.py and documents use of HTTP_PROXY/HTTPS_PROXY which the script reads. The script only performs HTTP requests to the Hacker News API, filters results, and writes a cache file. It does not read arbitrary user files or attempt to transmit data to unknown endpoints, but it does write cached output to ~/.cache/hn-daily/hn_cache.json (expected for caching).
Install Mechanism
This is an instruction-only skill with a small included script and no install spec. No downloads or third-party installation steps are declared. The script depends on the Python 'requests' library but does not attempt to install it.
Credentials
No required environment variables or credentials are declared. The script reads standard proxy env vars (HTTP_PROXY, HTTPS_PROXY, ALL_PROXY) described in SKILL.md — these are reasonable for networked tools but are environment inputs beyond the declared requires.env (which is empty). There are no secrets requested or stored.
Persistence & Privilege
The skill does not request permanent platform presence (always:false) and does not modify other skills or system-wide settings. Its only persistent footprint is a cache file under the user's home directory (~/.cache/hn-daily/hn_cache.json).
Assessment
This skill appears to do only what it claims: make HTTP requests to the Hacker News API, filter results, and cache them locally. Before installing or running: 1) be aware it makes outbound network requests (ensure your environment permits this). 2) It respects HTTP_PROXY/HTTPS_PROXY/ALL_PROXY — if you use a proxy, that proxy will see the requests and responses. 3) It writes a cache file to ~/.cache/hn-daily/hn_cache.json (contains story data only); remove it if you don't want local caches. 4) The script uses the Python 'requests' library — install it in a controlled environment (virtualenv) if you're cautious. 5) The script prints story URLs (which may link to arbitrary external sites) — treat links as you normally would. If you need higher assurance, run the script in an isolated environment (container) or review/execute the Python file yourself before granting the skill access.Like a lobster shell, security has layers — review code before you run it.
latestvk971cdpf2gy7c6e7sq5f3x65sn81w9ae
License
MIT-0
Free to use, modify, and redistribute. No attribution required.