v1.0.0

news-agent-skills

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 7:28 AM.

Analysis

This skill mostly matches its news-management purpose, but it hard-codes a documented authentication-bypass token and can trigger backend crawl/analysis jobs, so it should be reviewed before use.

GuidanceInstall this only if you control the target News Agent backend and are comfortable with the fixed development bearer token and task-triggering permissions. Prefer restricting it to localhost or a trusted development environment, and require explicit approval before running crawl, analyze, or trend jobs.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityMediumConfidenceHighStatusConcern

scripts/trigger_task.py

"crawl": ("POST", "/tasks/crawl", "采集"),
"analyze": ("POST", "/tasks/analyze", "分析"),
"trend": ("POST", "/tasks/trend", "趋势统计")

The skill exposes POST operations that start backend collection, analysis, and trend jobs, but the artifacts do not show local confirmation, task-size limits, or rollback controls.

User impactAn agent using this skill could start crawling or analysis jobs that alter backend state, consume compute or LLM quota, or process more data than the user intended.

RecommendationRequire explicit user approval for POST task triggers, show the target service and task type before running, and add backend-side limits and role checks.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityHighConfidenceHighStatusConcern

scripts/trigger_task.py

HEADERS = {"Authorization": "Bearer PharmaBlock Gateway"}

The task script always sends a fixed bearer value for API access; the documentation describes this value as a development bypass token, so actions are not tied to the installing user's normal SSO identity.

User impactIf the configured service accepts this token, the agent could read news data and trigger backend tasks as a simulated user rather than through normal user authentication.

RecommendationUse per-user or environment-scoped authentication, disable this bypass token outside development, and require explicit configuration before connecting to any non-local service.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication

SeverityLowConfidenceMediumStatusNote

SKILL.md

**LLM**：使用阿里云 DashScope（qwen-plus）进行文章分析

The skill documentation says analysis uses an external LLM provider, which is purpose-aligned but means article data may be processed outside the local backend.

User impactNews article content or metadata may be sent to the configured LLM analysis service during analysis tasks.

RecommendationConfirm that the articles being analyzed are allowed to be processed by DashScope/qwen-plus and that the backend has appropriate data-handling controls.