ClawHub

NewsletterKit Email Newsletter Builder

v1.0.0

Build and format email newsletters from agent-curated content. Sections, formatting, subscriber-friendly HTML output. Works with any email service.

0· 265·1 current·1 all-time
byShadow Rose@theshadowrose
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included source and SKILL.md. The code implements collecting items, organizing sections, and generating markdown/html/plain text output as advertised. No unrelated capabilities or external services are requested.
Instruction Scope
SKILL.md usage and workflow are scoped to newsletter curation and formatting. Runtime instructions and example usage reference only the bundled module and local data; they do not instruct reading arbitrary system files, environment variables, or sending data externally.
Install Mechanism
No install spec; this is instruction-plus-source only. There are no downloads or package installs referenced in the manifest or SKILL.md, so nothing writes arbitrary code to disk beyond the provided source file.
Credentials
The skill requests no environment variables, credentials, or config paths. The code uses only Node's fs module to read/write a single local JSON file (default './newsletter-items.json'), which is proportional to its purpose.
Persistence & Privilege
Skill is not always-enabled and does not request persistent platform privileges. It only persists its own data to a local JSON file; it does not modify other skills or system-wide configs.
Assessment
This skill appears coherent and local-only, but review these practical points before installing: 1) It reads/writes a JSON file (default ./newsletter-items.json) in whatever working directory the agent runs from—ensure that location is acceptable and file permissions are appropriate. 2) _loadItems/_saveItems silently swallow errors, so make backups if the data is important. 3) Generated HTML escapes text and restricts links to http/https, which reduces XSS risk, but if you later embed or auto-send the HTML through an ESP, validate any user-provided URLs and content before sending. 4) The package contains no network calls or credential requirements; if a future version requests API keys or adds external downloads, treat that as a new risk. Overall, the package matches its stated purpose.

Like a lobster shell, security has layers — review code before you run it.

contentvk977g35tenbkhr6e7a06tmx2eh82qrzsemailvk977g35tenbkhr6e7a06tmx2eh82qrzslatestvk977g35tenbkhr6e7a06tmx2eh82qrzsnewslettervk977g35tenbkhr6e7a06tmx2eh82qrzsnewsletter-kitvk977g35tenbkhr6e7a06tmx2eh82qrzspublishingvk977g35tenbkhr6e7a06tmx2eh82qrzswritingvk977g35tenbkhr6e7a06tmx2eh82qrzs

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments