ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Rss Aggregator

v1.0.0

Parse, aggregate and process RSS/Atom feeds. Use when user wants to track multiple RSS feeds, create personalized news digest, monitor blog updates, or build...

0· 41·0 current·0 all-time
byBIN@dinghaibin

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for dinghaibin/rss-agg.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Rss Aggregator" (dinghaibin/rss-agg) from ClawHub.
Skill page: https://clawhub.ai/dinghaibin/rss-agg
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install rss-agg

ClawHub CLI

Package manager switcher

npx clawhub@latest install rss-agg
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The name/description match the included script and instructions: the code fetches feeds, parses RSS/Atom, filters, and formats output. There are no unrelated environment variables, binaries, or install steps requested.
!
Instruction Scope
The SKILL.md instructs running the provided script and shows examples (including piping results to external tools like telegram-send). The bundled Python code fetches arbitrary URLs and parses XML. Notable risky behaviors in the runtime code: it explicitly disables TLS certificate validation (ssl.CERT_NONE and check_hostname=False) which permits MITM attacks, and it uses xml.etree.ElementTree without mitigations (raising potential XML parsing vulnerabilities). The SKILL.md's examples that call external notification tools mean outputs could be transmitted externally if the user configures them.
Install Mechanism
No install spec; code is provided directly. Nothing is downloaded from remote hosts during installation. This minimizes supply-chain risk.
Credentials
The skill requests no credentials or environment variables. There is no disproportionate credential request relative to its purpose.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges or modify other skills. It runs only when invoked.
What to consider before installing
This skill is functionally coherent for aggregating feeds, but review the following before using: 1) The script disables TLS certificate verification (ctx.check_hostname=False; ctx.verify_mode=ssl.CERT_NONE). That makes feed downloads vulnerable to man-in-the-middle attacks — consider removing those lines so certificates are validated. 2) The code uses Python's xml.etree.ElementTree without explicit protections; consider using a hardened XML parser (e.g., defusedxml) to prevent XML external entity (XXE) issues. 3) The script will fetch any URL you provide (including internal network addresses); avoid pointing it at sensitive internal endpoints or run it in a restricted/containerized environment. 4) SKILL.md examples use external notification tools (telegram-send) — ensure any notification integrations are configured safely and you understand what data will be transmitted. If you want to proceed, run this in an isolated environment, sanitize feed lists, and patch the TLS/XML issues first.

Like a lobster shell, security has layers — review code before you run it.

latestvk9775e2sp95ev3vs05tvwmbef985mwxm
41downloads
0stars
1versions
Updated 17h ago
v1.0.0
MIT-0
BIN@dinghaibin
latest
Download

RSS Aggregator

Parse, aggregate and process RSS/Atom feeds for content aggregation and monitoring.

Quick Start

python scripts/aggregator.py --feeds feeds.txt --output items.json

Core Features

  • Multi-feed Aggregation: Combine multiple RSS/Atom sources
  • Content Parsing: Extract title, link, description, pubDate
  • Filtering: Filter by keyword, date, category
  • Output Formats: JSON, HTML, Markdown
  • Scheduling: Integrate with cron for periodic updates

Usage

python scripts/aggregator.py [OPTIONS]

Options:
  --feeds FILE       File with feed URLs (one per line)
  --url URL          Single feed URL (can repeat)
  --output FILE      Output file (JSON)
  --format FORMAT   Output format: json, html, markdown
  --limit N          Maximum items to return
  --keyword TEXT     Filter by keyword in title/description
  --since DATE       Only items after this date (ISO format)

Examples

# Aggregate multiple feeds
python scripts/aggregator.py --feeds my-feeds.txt --output news.json

# Single feed with keyword filter
python scripts/aggregator.py --url "https://example.com/feed.xml" --keyword "AI" --limit 10

# Generate HTML newsletter
python scripts/aggregator.py --feeds feeds.txt --format html --output newsletter.html

# Filter recent items
python scripts/aggregator.py --feeds feeds.txt --since "2026-01-01" --output recent.json

Feed File Format

# Lines starting with # are comments
# Blank lines are ignored

# Tech news
https://news.ycombinator.com/rss
https://www.reddit.com/r/programming/.rss

# Blogs
https://example.com/blog/feed.xml

Integration

Telegram Notification

python scripts/aggregator.py --feeds feeds.txt --output /tmp/items.json
telegram-send "Found $(jq '. | length' /tmp/items.json) new items"

Daily Newsletter

# Run daily at 8 AM
0 8 * * * python /path/to/aggregator.py --feeds feeds.txt --format markdown --output /tmp/digest.md && telegram-send --file /tmp/digest.md

Use Cases

  • Personal news aggregator
  • Competitive intelligence monitoring
  • Content curation for newsletters
  • Industry trend tracking
  • Blog update notifications

Comments

Loading comments...