Google News Api Skill
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using the skill should understand that it can spend or consume BrowserAct account resources under the configured API key.
The skill uses a BrowserAct API key as a bearer credential to run the provider workflow. This is expected for the integration, but it grants access to the user's BrowserAct account capabilities.
api_key = os.getenv("BROWSERACT_API_KEY") ... headers = {"Authorization": f"Bearer {api_key}"}Use a scoped or revocable BrowserAct key if available, set it through a secure environment variable, and avoid pasting long-lived secrets into normal chat.
Your news queries and task parameters are shared with BrowserAct when the skill runs.
The script sends the search keywords, date filter, and item limit to BrowserAct's external API. This is central to the skill's purpose, but those query terms may reveal private research interests.
requests.post(f"{API_BASE_URL}/run-task-by-template", json=payload, headers=headers)Avoid submitting confidential keywords unless you are comfortable sharing them with BrowserAct, and review BrowserAct's data handling terms for sensitive research.
If the provider task never reaches a terminal state, the command could keep running and making status requests until stopped.
The script polls the remote task every 10 seconds until it sees finished, failed, or canceled, with no explicit maximum wait time in code.
while True: ... requests.get(f"{API_BASE_URL}/get-task-status?task_id={task_id}", headers=headers) ... time.sleep(10)Monitor long-running jobs and stop the command manually if it appears stuck; adding a maximum polling duration would improve containment.