RSS Daily Digest
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or compromised RSS entry could include text that tries to influence the agent, although the intended workflow is only to summarize the content.
The agent processes article titles and descriptions fetched from external RSS feeds. That is expected for the skill, but feed content is untrusted and should not be treated as instructions.
For each article in the JSON output: - Read the title and description - Generate a one-sentence summary
Keep feed text isolated as source material for summaries, and do not follow instructions embedded in article titles or descriptions.
Installing the latest package from the default Python package source may introduce normal dependency supply-chain risk.
The skill depends on an external Python package and suggests installing it without a pinned version. This is common and purpose-aligned, but it leaves package provenance and version control to the user.
If `feedparser` is not installed, run: `pip3 install feedparser`
Install dependencies from a trusted environment, preferably with a pinned or reviewed feedparser version if using this skill regularly.