ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

News Summary Litiao

v1.0.0

This skill should be used when the user asks for news updates, daily briefings, or what's happening in the world. Fetches news from trusted international RSS...

0· 216·1 current·1 all-time
by@litiao1224

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for litiao1224/news-summary-litiao.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "News Summary Litiao" (litiao1224/news-summary-litiao) from ClawHub.
Skill page: https://clawhub.ai/litiao1224/news-summary-litiao
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install news-summary-litiao

ClawHub CLI

Package manager switcher

npx clawhub@latest install news-summary-litiao
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill's described purpose (fetch RSS, summarize, optionally produce TTS) matches the runtime instructions for fetching public RSS feeds and summarizing them. However, the SKILL.md includes a curl call to the OpenAI TTS API relying on $OPENAI_API_KEY, yet the skill declares no required environment variables or primary credential. This is an incoherence between claimed requirements and actual instructions.
Instruction Scope
Instructions are narrowly scoped to fetching public RSS feeds, parsing titles/descriptions, summarizing, and optionally calling OpenAI's TTS endpoint. The workflow references only network calls to public news feeds and the OpenAI API and writes a temporary audio file (/tmp/news.mp3). The instructions do not request unrelated files, secrets, or system configuration—but they do rely on an undeclared API key.
Install Mechanism
This is instruction-only with no install spec and no code files, which minimizes installation risk. No third-party downloads or package installs are required by the manifest.
!
Credentials
The SKILL.md explicitly uses the environment variable $OPENAI_API_KEY for TTS, but requires.env and primary credential fields are empty. Requiring an API key for voice generation would be proportional to the feature, but the manifest's failure to declare this credential is an inconsistency that could lead to accidental exposure or misuse if a user supplies secrets without realizing where they'll be used.
Persistence & Privilege
The skill is not forced-always and allows normal user invocation/autonomous use (platform default). It does not request persistent system modifications or access to other skills' configurations.
What to consider before installing
This skill appears to do what it says (fetch RSS and summarize), but the runtime instructions call the OpenAI TTS API using $OPENAI_API_KEY even though the skill manifest does not declare any required environment variables. Before installing or enabling: 1) confirm you are comfortable providing an OpenAI API key (if you want TTS) and prefer that the agent use it; 2) ask the publisher to update the manifest to explicitly declare OPENAI_API_KEY (so the permission is visible); 3) verify the owner/slug metadata mismatch (_meta.json vs. registry) with the publisher to ensure this is the intended package; 4) be aware that audio output is written to /tmp/news.mp3 (temporary file) and that network calls fetch external RSS feeds and call api.openai.com, which may incur cost and transmit content to OpenAI. If you need stronger assurance, request the maintainer add explicit env requirements and a clear homepage/source before enabling autonomous invocation.

Like a lobster shell, security has layers — review code before you run it.

latestvk97anxe70rc0ttestcnevvwnfs832a1d
216downloads
0stars
1versions
Updated 2h ago
v1.0.0
MIT-0
@litiao1224
latest
Download

News Summary

Overview

Fetch and summarize news from trusted international sources via RSS feeds.

RSS Feeds

BBC (Primary)

# World news
curl -s "https://feeds.bbci.co.uk/news/world/rss.xml"

# Top stories
curl -s "https://feeds.bbci.co.uk/news/rss.xml"

# Business
curl -s "https://feeds.bbci.co.uk/news/business/rss.xml"

# Technology
curl -s "https://feeds.bbci.co.uk/news/technology/rss.xml"

Reuters

# World news
curl -s "https://www.reutersagency.com/feed/?best-regions=world&post_type=best"

NPR (US perspective)

curl -s "https://feeds.npr.org/1001/rss.xml"

Al Jazeera (Global South perspective)

curl -s "https://www.aljazeera.com/xml/rss/all.xml"

Parse RSS

Extract titles and descriptions:

curl -s "https://feeds.bbci.co.uk/news/world/rss.xml" | \
  grep -E "<title>|<description>" | \
  sed 's/<[^>]*>//g' | \
  sed 's/^[ \t]*//' | \
  head -30

Workflow

Text summary

  1. Fetch BBC world headlines
  2. Optionally supplement with Reuters/NPR
  3. Summarize key stories
  4. Group by region or topic

Voice summary

  1. Create text summary
  2. Generate voice with OpenAI TTS
  3. Send as audio message
curl -s https://api.openai.com/v1/audio/speech \
  -H "Authorization: Bearer $OPENAI_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "tts-1-hd",
    "input": "<news summary text>",
    "voice": "onyx",
    "speed": 0.95
  }' \
  --output /tmp/news.mp3

Example Output Format

📰 News Summary [date]

🌍 WORLD
- [headline 1]
- [headline 2]

💼 BUSINESS
- [headline 1]

💻 TECH
- [headline 1]

Best Practices

  • Keep summaries concise (5-8 top stories)
  • Prioritize breaking news and major events
  • For voice: ~2 minutes max
  • Balance perspectives (Western + Global South)
  • Cite source if asked

Comments

Loading comments...