GNews CLI

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a coherent instruction-only skill for installing and using a GNews command-line client, with expected API-key and GitHub build steps that users should review before running.

Before installing, make sure you trust the linked GitHub repository, avoid using sudo unless you need a global command, and keep your GNEWS_API_KEY private. The artifacts do not show deceptive, destructive, or purpose-mismatched behavior.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the upstream repository changes or is compromised, the built binary could behave differently than expected.

Why it was flagged

The install flow builds a binary from an external GitHub repository rather than from bundled reviewed code; this is central to the skill's purpose but depends on trusting the upstream source.

Skill content

git clone https://github.com/ParinLL/gnewsapi-go-client.git
cd gnewsapi-go-client
go build -o gnews-client .

Recommendation

Review the GitHub repository and consider pinning or checking a specific commit before building.

What this means

A globally installed binary can be run from anywhere and the sudo step modifies a system directory.

Why it was flagged

The skill documents an optional privileged command to install the compiled binary globally; this is disclosed and purpose-aligned, but it changes the local system path.

Skill content

sudo install gnews-client /usr/local/bin/

Recommendation

Only use the sudo install step if you trust the built binary and actually need a global installation; otherwise run it from the project directory.

What this means

The API key grants access to the user's GNews account quota and should be kept private.

Why it was flagged

The skill requires a GNews API key, which is expected for the GNews service and is not shown being logged or sent anywhere unrelated.

Skill content

export GNEWS_API_KEY="your-api-key"

Recommendation

Store the API key securely, avoid sharing terminal output that contains secrets, and rotate the key if it is exposed.