news-agent-skills
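v1.0.0
News agent system API integration. Supports querying news, triggering collection/analysis tasks, retrieving dashboard data, trend analysis, and more. Use cases: news data management, collection task automation, trend analysis, word cloud generation.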
⭐ 0· 128·0 current·0 all-time
by wanping@swipth
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (news management, tasks, trends) align with included scripts and API endpoints. The only environment input is NEWS_API_BASE_URL which the scripts use as the HTTP API base; the static Authorization header matches the SKILL.md's documented development bypass. No unrelated binaries, credentials, or disparate services are requested.
Instruction Scope
SKILL.md instructs the agent to set NEWS_API_BASE_URL (with a localhost default) and run the provided scripts. The runtime instructions only make HTTP calls to the declared API endpoints and do not read local files, secrets, or other system state. Minor inconsistency: metadata marks NEWS_API_BASE_URL as required, while the SKILL.md and scripts provide and document a sensible localhost default (i.e., the env var is optional in practice).
Install Mechanism
No install specification is present (instruction-only installation). The package ships Python scripts but does not auto-download or execute remote archives or installers. Risk from install mechanism is low.
Credentials
Only NEWS_API_BASE_URL is declared/used. The scripts embed a fixed dev Authorization header ('Bearer PharmaBlock Gateway') which is documented as a development bypass in references/api_docs.md; this is explainable but worth noting because it causes requests to be sent with that header by default. There are no additional secret env vars requested.
Persistence & Privilege
always is false; the skill has no install-time persistence and does not modify other skills or system settings. It can be invoked by the agent (normal behavior) but does not request elevated platform privileges.
Assessment
This skill appears to do exactly what it claims: call a news-backend API to list articles, fetch dashboard/trend data, and trigger tasks. Before installing or running: 1) ensure NEWS_API_BASE_URL points to a trusted service (the scripts will make network calls to whatever URL you provide); 2) be aware the scripts send a static development Authorization header ('Bearer PharmaBlock Gateway') by default—use a safe local or dev instance, and do not point the skill at sensitive production systems unless you understand the gateway/SSO behavior; 3) note the small metadata vs. README inconsistency (env marked required in metadata but the code defaults to localhost); 4) if you need stricter control, run the scripts locally or review/modify them to remove or change the Authorization header and to add your own auth before pointing to production endpoints.
Like a lobster shell, security has layers — review code before you run it.
latestvk97b7xn83by7fe5h9rdgwfexnh833vbf
Runtime requirements
Env: NEWS_API_BASE_URL
