Podcast Manager
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill appears to do what it says: manage podcast subscriptions using public RSS feeds and small local tracking files, with no credential use or hidden high-impact actions.
Before installing, be comfortable with the skill creating local memory/podcasts files and fetching public RSS feeds or podcast pages. Prefer official feed URLs and review the local tracking files if you want to clear stored listening history.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may make web requests to podcast sites, search results, or feed hosts while resolving podcast subscriptions.
The skill intentionally uses web tools to discover and retrieve podcast feeds. This is expected for the stated purpose, but users should know external sites may be contacted.
Use `web_search` with query format: `"<podcast name> official rss feed"`. Open top candidates with `web_fetch`.
Use official podcast feed URLs when possible and confirm ambiguous feeds before subscribing, as the skill already instructs.
Podcast subscriptions and listening state may remain stored locally across sessions.
The skill persists podcast subscriptions, listening progress, bookmarks, and notes in local workspace files. This is central to the podcast-management function but creates a lasting local record of user interests.
Use these workspace files by default: `memory/podcasts/subscriptions.json`, `memory/podcasts/state.json`, `memory/podcasts/notes.md` ... If files or parent directories do not exist, create them.
Review or delete the memory/podcasts files if you do not want podcast interests, bookmarks, or notes retained.