Miniflux News
v0.1.0Fetch and triage the latest unread RSS/news entries from a Miniflux instance via its REST API using an API token. Use when the user asks to get the latest Miniflux unread items, list recent entries with titles/links, or generate short summaries of specific Miniflux entries. Includes a bundled script to query Miniflux (/v1/entries and /v1/entries/{id}) using credentials from ~/.config/clawdbot/miniflux-news.json (or MINIFLUX_URL and MINIFLUX_TOKEN overrides).
⭐ 1· 2.9k·8 current·8 all-time
by@hartlco
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name, description, SKILL.md, and included script align: the code only calls Miniflux REST endpoints (/v1/entries, /v1/entries/{id}, categories) and implements listing, fetching, summarizing, and marking-as-read. These capabilities are coherent with the stated purpose. Minor mismatch: registry metadata declares no required env vars/config paths, yet the skill expects MINIFLUX_URL/MINIFLUX_TOKEN or a config file at ~/.config/clawdbot/miniflux-news.json.
Instruction Scope
SKILL.md keeps scope narrow and explicit: it instructs the agent to use the bundled script for fetch/list/summary tasks and explicitly states it must not mark items read unless the user requests it. The instructions reference only the Miniflux API and the local config/env overrides; they do not instruct broader system reads or exfiltration.
Install Mechanism
No install spec; this is an instruction-only skill with an included Python script that uses only the standard library. Nothing is downloaded at install time and no third-party packages are introduced.
Credentials
The script legitimately requires a Miniflux URL and API token (MINIFLUX_URL and MINIFLUX_TOKEN) or an equivalent config file; that is proportionate to the stated function. However the registry metadata lists no required env vars or config paths — a documentation/metadata omission that reduces transparency. The script writes/reads ~/.config/clawdbot/miniflux-news.json (it attempts to set restrictive perms when writing).
Persistence & Privilege
The skill does not request permanent platform privileges and does not set always:true. Its only persistence is an optional config file under the user's XDG config directory; the configure command writes that file and tries to set restrictive permissions. The skill does perform network calls to the user-supplied Miniflux URL using the provided token, which is expected behavior.
Assessment
This skill appears to do exactly what it says: it queries a Miniflux instance and only marks items read when you ask. Before installing, consider: 1) the registry metadata does not list the required MINIFLUX_URL/MINIFLUX_TOKEN or the config path — verify you are comfortable providing an API token to this skill and review the script source (provided) to confirm behavior; 2) prefer creating a read-only/minimum-scope token in Miniflux if possible; 3) the skill will write a plaintext JSON config to ~/.config/clawdbot/miniflux-news.json (it attempts 600 perms) — if you store secrets there, ensure filesystem permissions meet your policy; 4) because the skill's source/homepage/owner are not well-documented, only install if you trust the publisher or after manual review of the included script. If you want higher assurance, ask the publisher for a homepage or signed release, or run the script locally yourself rather than allowing autonomous invocation.Like a lobster shell, security has layers — review code before you run it.
latestvk9789fqdrwc6ycmm5d26ec6v6h7zs2xj
License
MIT-0
Free to use, modify, and redistribute. No attribution required.