Skill v1.0.0
ClawScan security
Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 3, 2026, 6:09 PM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's instructions, requirements, and behavior are internally consistent for a public news-fetching skill, but the external API/service is unknown and unverified — verify the service before trusting it with sensitive queries.
- Guidance
- This skill is internally consistent: it simply issues curl requests to https://newsmcp.io and formats results. Before installing, verify the external service (newsmcp.io): check the site, privacy policy, TLS certificate, and whether the API is reputable. Because requests are sent to a third-party server, avoid sending sensitive or identifying query content (e.g., private document excerpts, tokens, or PII) through this skill. Test with non-sensitive queries first and watch for rate limits or unexpected responses. If you need stronger guarantees, prefer a well-known news provider or an API that requires your own API key under your control.
Review Dimensions
- Purpose & Capability
- ok · Name and description match the runtime instructions: the SKILL.md only instructs the agent to make unauthenticated HTTP requests to newsmcp.io to fetch clustered news events. The only declared required binary is curl, which is appropriate for simple HTTP calls. (Minor note: registry metadata lists no homepage while SKILL.md includes https://newsmcp.io.)
- Instruction Scope
- ok · Instructions are narrowly scoped to issuing curl requests to the documented endpoints and formatting the returned JSON into a briefing. The doc does not ask the agent to read local files, other env vars, or send data to unrelated endpoints. It does, however, transmit user query parameters (topics/geo) to an external service, as expected for this functionality.
- Install Mechanism
- ok · This is an instruction-only skill with no install spec and no code files — nothing is written to disk and no third-party packages are installed. That is the lowest-risk install model.
- Credentials
- ok · The skill requires no environment variables or credentials, which is proportional to its stated purpose (public, no-auth API). There are no requests for unrelated secrets or config paths.
- Persistence & Privilege
- ok · The skill does not request always-on presence and uses normal autonomous invocation defaults. It does not attempt to modify other skills or system-wide configuration.
