Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

elsewhere-news

v1.6.0

Browse and read articles and podcasts from Elsewhere (elsewhere.news) — a media platform featuring original, first-hand stories from China's tech and startup...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the actions described: fetching RSS/JSON from elsewhere.news, reading articles and shownotes, and optionally liking items. No unrelated binaries or credentials are requested.
! Instruction Scope
The SKILL.md instructs the agent to read/write local profile files (TASTE.md, SOUL.md, MEMORY.md, user profile) to personalize recommendations. It also requires creating a persistent TASTE.md and tells the agent to fetch the canonical SKILL.md from raw.githubusercontent.com before every use — allowing a remote file to modify runtime instructions. Reading/writing user-local files and relying on dynamic remote policy/content expands the skill's reach beyond simple content scraping.
Install Mechanism
There is no formal install spec (instruction-only), which reduces supply-chain risk. However, the skill explicitly tells the agent to curl a raw GitHub URL to check for updates; raw.githubusercontent.com is a common host, but pulling an authoritative SKILL.md at runtime means the skill's behavior can change server-side without reinstalling. This is a maintainability and trust concern rather than a direct malicious indicator.
Credentials
The skill requests no environment variables or external credentials (proportional). It does, however, ask to access local agent files containing personal context (SOUL.md, MEMORY.md, TASTE.md). That access is plausible for personalization, but it is sensitive because those files may contain private data — the SKILL.md did not enumerate or limit which fields it will read.
! Persistence & Privilege
The skill instructs setting up a scheduled daily push (09:00 by default) using the platform's scheduling mechanism and to create/sustain a TASTE.md file. While the skill itself is not 'always: true', enabling the scheduled task grants it recurring autonomous execution. Combined with the remote SKILL.md fetch, this enables behavior changes over time and recurring background runs that access local profile files.
What to consider before installing
- Privacy: The skill will read/write local profile files (SOUL.md, MEMORY.md, and creates TASTE.md). These can contain sensitive personal data. Inspect those files and consider whether you want this skill to access them.
- Dynamic updates: The SKILL.md tells the agent to curl a raw GitHub URL before every use. That means the skill's runtime instructions can change without reinstalling. If you install, consider pinning or auditing the remote file (fetch the specific commit you trust) or disabling the automatic update check.
- Scheduled runs: Enabling 'daily push' creates a recurring task that will run autonomously and access your profile files. If you enable it, restrict what the scheduled job can do and verify its output destination.
- Minimal risk steps: (1) Review the remote SKILL.md at https://raw.githubusercontent.com/PitayaK/elsewhere-news/main/SKILL.md yourself; (2) create a minimal, non-sensitive TASTE.md (or approve contents) rather than allowing automatic creation; (3) avoid enabling daily pushes until you're comfortable; (4) run the skill in a restricted environment (isolated workspace) if possible.
- If you want help: I can extract and show the exact remote SKILL.md content the skill expects to fetch, list precisely which local files it will read, or propose a pinned, audited variant of the skill that removes the automatic update check and restricts file access.

Like a lobster shell, security has layers — review code before you run it.

latestvk9711xqz5camk7mka3ebd2hpen83pjcf


Runtime requirements

📖 Clawdis
