Ai News Zh 1.0.0
PassAudited by ClawScan on May 15, 2026.
Overview
This no-code skill coherently fetches public AI news and posts a Chinese briefing, with notable but purpose-aligned risks around scheduled posting, provider credentials, and provenance inconsistency.
This appears reasonable for a Chinese AI-news briefing skill. Before enabling it, run it manually once, verify the output and target channel, use limited-scope API keys or bot tokens, keep scheduled jobs easy to disable, and note the owner/source metadata inconsistency if provenance is important to you.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If configured with a messaging tool, the agent may post news summaries to a Feishu, Telegram, or Discord destination.
The skill can use external search and messaging tools. This is aligned with collecting news and pushing a digest, but message posting can affect external channels.
optional:\n tools: [web_search, message]
Run it manually first, verify the destination channel, and grant only the minimum posting permissions needed.
A search API key or messaging integration token may be needed for full functionality.
The skill discloses optional use of a Brave API key, while the registry metadata declares no required credentials. The credential use is purpose-aligned but under-specified.
web_search 可大幅提升采集能力(可选,需Brave API key)
Use dedicated, least-privilege API keys or bot tokens and avoid granting admin or broad workspace permissions.
Once scheduled, the agent may keep fetching and posting daily briefings without a fresh manual prompt each day.
The skill recommends scheduled recurring operation. This is disclosed and fits the daily-news purpose, but it creates unattended agent activity.
设置cron任务,每天早上自动推送
Confirm the briefing format manually before scheduling, document where the cron/job is configured, and keep a simple way to pause or remove it.
It may be harder to verify who originally authored or packaged the skill.
The embedded _meta owner ID differs from the registry owner ID shown for this review. With no source or homepage, this is a provenance inconsistency, though there is no runnable code in the package.
"ownerId": "kn70pmxm14zje7vy6bm9k5ktc581z74d"
If publisher identity matters, verify the owner/source through ClawHub or use a version with consistent metadata.