ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Publish-Mate

v1.0.0

Fetch global news from RSS/API sources, auto-generate articles with images, and publish to WordPress or custom CMS platforms

0· 62·0 current·0 all-time
by@tankeito
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with the code and instructions: Python scripts fetch RSS/NewsAPI, download images, compose content, and publish to WordPress. Required binary (python3) is appropriate. However the registry metadata claims no primary credential while SKILL.md and the code declare WP_APP_PASSWORD as a primary environment variable — an inconsistency that should be resolved before trusting automated setup.
!
Instruction Scope
Runtime instructions and scripts instruct the agent to fetch arbitrary remote URLs (RSS feeds, NewsAPI, custom APIs, and full article pages) and to download images from third-party image APIs or arbitrary image URLs. Fetching full article pages (fetch_full_article) will request arbitrary URLs discovered in feeds or provided via config; this is expected for an aggregator but creates a real risk of contacting internal or otherwise sensitive endpoints (SSRF-like risk) and downloading untrusted content. The instructions also encourage storing the WordPress application password in OpenClaw settings — this is functional but increases the blast radius if the skill or agent is compromised.
Install Mechanism
The skill's install spec lists a single 'uv' entry installing the 'certifi' package (SKILL.md metadata). Installing certifi is reasonable for improving SSL handling, but 'uv' is an uncommon/opaque installer name in the manifest and should be verified (where does 'uv' fetch packages from?). There are no arbitrary archive downloads or unknown URLs in the install manifest, and all code is present in the bundle, which reduces supply-chain ambiguity — but double-check the meaning/origin of the 'uv' install step before running it.
!
Credentials
The code legitimately requires WP_APP_PASSWORD to publish via WordPress application passwords and optionally uses UNSPLASH_API_KEY, PEXELS_API_KEY, PIXABAY_API_KEY, and NEWS_API_KEY. Those are proportional to the described capabilities. The concern is the manifest/registry mismatch: registry metadata listed no required envs while SKILL.md and scripts expect WP_APP_PASSWORD (and optional API keys). The config.example also shows headers using '$MY_API_TOKEN' placeholders — ensure those are not replaced automatically with unrelated secrets. Ask the author why registry metadata omitted the primaryEnv and confirm which variables are actually required and how they are stored.
Persistence & Privilege
The skill does not request global 'always: true' privilege and is user-invocable. It writes its own config and data under its baseDir (config.json, data/, logs/) which is normal. It does not appear to modify other skills or system-wide settings beyond suggesting that you add WP_APP_PASSWORD to OpenClaw settings (which is a user action).
What to consider before installing
What to check before installing: - Credential handling: The skill needs a WordPress Application Password (WP_APP_PASSWORD). Confirm that the registry entry matches SKILL.md (SKILL.md marks WP_APP_PASSWORD as primaryEnv but the registry omitted it). Only provide an application password with narrowly scoped rights and consider creating a dedicated low-privilege account for publishing. - Trust news/image sources: The skill will fetch arbitrary URLs from configured feeds and custom APIs and will follow links to fetch full article HTML and images. Only configure trusted feeds/APIs — a malicious feed could point at internal services (localhost, 169.254.*, internal IPs) and cause your agent to make unauthorized requests (SSRF-like behavior). - Storage of secrets: The README/SKILL.md suggests storing WP_APP_PASSWORD in OpenClaw settings. Understand the security of that storage location (~/.openclaw/openclaw.json) and who can read it on your machine. If you must, run the skill in a restricted account or isolated environment. - Review 'uv' install step: The manifest lists an install step using 'uv' to install certifi. Verify what 'uv' means in your OpenClaw environment and that it pulls packages from a trusted source before running install. - Run offline/test first: Use the preview/dry-run commands and start with a safe config (small max, preview mode, no publish, no custom sources) to observe behavior. Inspect logs under the skill's logs/ directory. - Network isolation if needed: If you are concerned about SSRF or accidental requests to internal services, run the skill in an environment with restricted outbound access or explicitly whitelist the domains you trust. If you want, I can: (a) point out the exact lines where the skill reads environment variables and performs outbound requests, (b) draft a minimal config that limits risk for initial testing, or (c) suggest CLI flags/config changes to make fetching safer (e.g., disable fetch_full_article, restrict allowed hostnames).

Like a lobster shell, security has layers — review code before you run it.

latestvk972y8gjw628ymzy2bwebc5nn583r6db

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📰 Clawdis
OSmacOS · Linux · Windows
Binspython3

Install

uv

Comments