NewsletterKit Email Newsletter Builder

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This newsletter builder appears purpose-aligned and only stores curated newsletter items locally, with no evidence of hidden network access, credential use, or unsafe automation.

This skill looks safe for its stated purpose. Before installing, understand that it keeps collected newsletter items in a local JSON file by default; do not store sensitive notes unless you are comfortable with that local persistence.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Links, notes, and snippets added for a newsletter may remain on disk and appear in later generated drafts until cleared.

Why it was flagged

The skill persists curated newsletter content in a local JSON file and reloads it later, so saved items can influence future newsletter drafts.

Skill content

    this.dataFile = options.dataFile || './newsletter-items.json';
    ...
    _loadItems() {
      try {
        this.sections = JSON.parse(fs.readFileSync(this.dataFile, 'utf8'));
      } catch {}
    }
    ...
    _saveItems() {
      try {
        fs.writeFileSync(this.dataFile, JSON.stringify(this.sections, null, 2));
      } catch {}
    }

Recommendation

Avoid adding sensitive material unless local storage is acceptable, and use the clear function or remove the JSON file when you no longer need the saved items.