Back to skill
Skillv1.0.0
ClawScan security
Daily News Hardened · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 29, 2026, 1:41 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, requirements, and runtime instructions line up with its stated purpose (fetching headlines) and do not request unrelated credentials or system access.
- Guidance
- This skill appears to do what it says: run a local Python script that scrapes Baidu and reads Google Trends RSS. Before installing/using it: (1) Run pip install inside an isolated virtual environment or container and review/lock dependency versions to avoid supply-chain risk. (2) Verify you trust network requests to the scripted endpoints (requests go to Baidu and Google Trends and will reveal the host IP). (3) Ensure the agent or runtime enforces the SAFETY.md guardrails: do not allow file reads/writes beyond executing the script, sanitize any error/stack-trace output before returning it to users, and run the script at most once per user request. (4) Review the script yourself if you need absolute assurance (it’s short and readable). If you cannot enforce these controls, avoid running pip install or executing the script in a privileged environment.
Review Dimensions
- Purpose & Capability
- okName/description match the included artifacts: a Python script that scrapes Baidu and reads Google Trends RSS. Declared requirements (python, PYTHONIOENCODING) are appropriate and proportional to the task; no unrelated credentials or config paths are requested.
- Instruction Scope
- noteSKILL.md directs the agent to run the bundled Python script and install the listed packages. The script only performs network fetches (Baidu page, Google Trends RSS) and formats output. Guardrails in SAFETY.md explicitly advise: do not touch other files, sanitize error output, and limit executions to once per request — these are sensible and should be enforced. Be aware that returning the script output "directly" could leak raw stack traces unless the agent sanitizes errors as recommended.
- Install Mechanism
- noteNo install spec; this is instruction-only and runs a local file. Dependencies are installed via pip from a small requirements.txt (beautifulsoup4, requests, feedparser) — expected for the task but note dependency integrity risk: versions are not pinned, so installing packages should be done in an isolated environment and/or after vetting.
- Credentials
- okOnly PYTHONIOENCODING=utf-8 and the python binary are required. No secrets, tokens, or unrelated environment variables are requested; this is proportionate.
- Persistence & Privilege
- okSkill is not always-included and does not request system-wide privileges. It does allow normal autonomous invocation (platform default), which is expected for a tool-like skill. The SAFETY.md guardrails advise against modifying files, which helps limit persistence risk.