Multisource Intel Radar
PassAudited by ClawScan on May 1, 2026.
Overview
This looks like a benign feed-digest helper, but it will read a local OPML/feed list, fetch the listed web feeds, and save a normalized feed list, so users should review the sources before running it.
Before installing or running, review the OPML/feed list and remove any private or unfamiliar URLs. Expect the skill to make web requests to listed feeds and to save a normalized feed list locally. There is no evidence of credential use, exfiltration, destructive actions, or hidden background behavior.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you supply an untrusted feed list, the skill may contact web addresses you did not intend to query.
The digest builder fetches URLs from the feed list. This is central to the skill's purpose, but an untrusted OPML/feed list could cause outbound requests to unintended URLs.
for src_title, url in read_feeds(args.feeds)[: args.max_feeds]: ... urllib.request.Request(url, headers={'User-Agent': 'Mozilla/5.0'}) ... urllib.request.urlopen(req, timeout=12)Review OPML and assets/feeds.txt before running; prefer trusted HTTP/HTTPS RSS feeds and remove private, internal, or unknown URLs.
You have less external context for who maintains the skill or where updates come from.
The package includes readable scripts and no install-time downloader, but the registry metadata does not provide a source repository or homepage for independent provenance checks.
Source: unknown; Homepage: none
Inspect the included files before use and prefer installing updates from a publisher or repository you trust.
Your feed subscriptions or interests may be copied into a local file that remains after the digest is generated.
The workflow reads a local OPML subscription file and persists normalized feed titles and URLs into the skill's assets directory.
OPML file (default: `/Users/rogeryang/Downloads/follow.opml`) ... Generate normalized feed list: `assets/feeds.txt`
Use a non-sensitive OPML file, review the generated assets/feeds.txt, and delete it if you do not want the feed list retained.