News Crawler
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a straightforward news/RSS crawling helper, with the main cautions being that it fetches user-supplied URLs and feeds fetched web text into summaries.
Before installing, be comfortable that the skill will make web requests to URLs or RSS feeds you provide and may summarize the fetched text with the model. Use public sources, avoid private/internal URLs, respect site policies and rate limits, and consider adding URL allowlists if used in a controlled environment.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If pointed at the wrong target, the agent could make unintended requests to non-news, private, or rate-limited sites.
The crawler accepts a command-line URL and performs an outbound request to it. This is expected for a news crawler, but it is broad URL-fetching authority.
url = sys.argv[1] ... with urlopen(req, timeout=timeout) as response:
Use explicit public news/RSS URLs, respect robots.txt and rate limits, and consider adding allowlists or deny rules for private/internal addresses if deployed in a sensitive environment.
A web page could contain misleading or instruction-like text; the agent should summarize it rather than follow it as instructions.
The workflow brings external web page content into the model context for summarization. That content is untrusted, even though this is purpose-aligned.
Crawl detailed content - use crawl.py on each article to fetch the full text 4. **Generate summaries** - use the LLM to summarize the core content of each article
Treat crawled content as quoted source data only, ignore instructions embedded in pages or RSS items, and prefer source citations in generated reports.
Installation or invocation may fail or be less transparent if the runtime does not clearly prompt for Python/network use.
The documented workflow depends on running included Python scripts, while the registry requirements list no required binaries. This is an under-declared setup detail, not hidden behavior.
python3 scripts/rss_fetcher.py
Declare python3 and the network-fetching capability in metadata so users and agents understand the expected runtime environment.
