Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Noisepan Digest
v1.0.5Set up automated news digests using noisepan (signal extraction), entropia (source verification), and HN blind spot detection. Use when configuring daily new...
⭐ 0· 431·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description ask for noisepan + entropia for news signal extraction and verification, and the SKILL.md consistently instructs installing and configuring those exact binaries. Suggested supporting tools (python3, curl) are reasonable for the scripts and commands provided.
Instruction Scope
Instructions stay within the expected scope: installing noisepan/entropia, editing ~/.noisepan/config.yaml and taste.yaml, creating helper scripts in ~/.local/bin, and pulling RSS/HN feeds. Minor inconsistencies: the registry metadata lists only noisepan and entropia as required binaries while the SKILL.md also requires python3 and curl; some commands (grep -oP, sha256sum) assume specific tooling availability which may not exist on all platforms but are not malicious.
Install Mechanism
No install spec in the registry (instruction-only). Install steps point to Homebrew formulae and GitHub releases for ppiankov/noisepan and ppiankov/entropia, and include checksum verification. These are standard mechanisms; the Linux flow downloads release archives and verifies checksums before extraction (reasonable). The README asks to prompt before writing to /usr/local/bin — good practice. User should still verify the GitHub project and release artifacts before executing.
Credentials
No credentials, tokens, or config paths beyond the user's home (~/.noisepan, ~/.local/bin, /tmp) are requested. The requested filesystem access (user config, optional write to /usr/local/bin) is proportionate to the skill's purpose.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It does instruct creating persistent helper scripts (in ~/.local/bin and optionally /usr/local/bin) and touching ~/.noisepan state; this is normal for a CLI integration but you should approve any writes to system locations like /usr/local/bin and review scripts before installing.
Assessment
This skill is an instruction-only integration for noisepan/entropia and appears coherent, but before installing do these simple checks: 1) Inspect the referenced GitHub repos (ppiankov/noisepan and /entropia) and verify they are the projects you expect and have recent trustworthy releases. 2) When using the Linux install, verify the checksums.txt and ideally the release signatures yourself before extracting into /usr/local/bin; prefer a user-local install (~/bin or ~/.local/bin) if you are unsure. 3) Review any helper scripts the SKILL.md writes to ~/.local/bin or /usr/local/bin before making them executable. 4) Ensure you have python3, curl, and sha256sum (or platform equivalents) installed and be aware some commands assume GNU grep (-P). 5) Avoid running install/extract commands as root unless you trust the release artifacts. These steps will reduce risk while allowing the skill to function as described.Like a lobster shell, security has layers — review code before you run it.
latestvk97fr3ptxf24e6dgtbysgchp45839zza
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Binsnoisepan, entropia