RSS Daily Digest
PassAudited by ClawScan on May 1, 2026.
Overview
The skill matches its stated purpose of turning public RSS feeds into a local Markdown digest, with only low-risk notes about untrusted feed text and an unpinned Python package install.
This appears safe for its stated RSS digest use. Before installing, verify you are comfortable fetching the listed public feeds, install feedparser from a trusted source if needed, and treat all RSS article text as untrusted content to summarize rather than instructions to follow.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or compromised RSS entry could include text that tries to influence the agent, although the intended workflow is only to summarize the content.
The agent processes article titles and descriptions fetched from external RSS feeds. That is expected for the skill, but feed content is untrusted and should not be treated as instructions.
For each article in the JSON output: - Read the title and description - Generate a one-sentence summary
Keep feed text isolated as source material for summaries, and do not follow instructions embedded in article titles or descriptions.
Installing the latest package from the default Python package source may introduce normal dependency supply-chain risk.
The skill depends on an external Python package and suggests installing it without a pinned version. This is common and purpose-aligned, but it leaves package provenance and version control to the user.
If `feedparser` is not installed, run: `pip3 install feedparser`
Install dependencies from a trusted environment, preferably with a pinned or reviewed feedparser version if using this skill regularly.