feed-diet
v0.2.1
Audit your information diet across HN and RSS feeds — beautiful reports with category breakdowns, ASCII charts, and personalized recommendations.
by Todd Kuehnl (@tkuehnl)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (HN + OPML/RSS auditing) align with the included scripts (hn-fetch.sh, opml-parse.sh, classify.sh, feed-diet.sh). Minor inconsistency: the registry metadata lists no required binaries/env, but the code requires bash, curl, python3 and (for nicer output/JSON handling) jq. Those runtime dependencies are documented in README/SKILL.md but not declared in registry metadata.
Instruction Scope
Instructions are scoped to fetching HN submissions or parsing an OPML file, classifying items, and generating a Markdown report. Important runtime behaviors to note: (1) the agent will read a user-supplied OPML file path, (2) items (titles/URLs) are sent to external LLM endpoints when ANTHROPIC_API_KEY or OPENAI_API_KEY are set, and (3) the tool writes cache files under $XDG_CACHE_HOME or ~/.cache/feed-diet. The OPML parser enforces http/https feed URLs to reduce SSRF risk.
Install Mechanism
No remote install or downloads are performed by the skill (instruction-only with bundled scripts). That is lower risk; the skill will execute local shell scripts and create cache/temp files. There are no third-party packages pulled from networks at install time.
Credentials
The skill requests no required credentials in registry metadata. It optionally uses ANTHROPIC_API_KEY or OPENAI_API_KEY for LLM classification (documented). No unrelated secrets (AWS, GitHub tokens, etc.) are requested. Other env usage: FEED_DIET_BATCH_SIZE and XDG_CACHE_HOME/HOME for cache location.
Persistence & Privilege
always:false (not force-included). The skill creates a per-user cache directory (~/.cache/feed-diet) and temporary files; it does not modify other skills or system-wide configurations. Autonomous invocation is allowed (platform default) but not combined with any broad credential demands.
Assessment
This skill is internally consistent and implements the declared purpose. Before installing, consider: (1) Required local deps: ensure you have bash (4+), curl, python3, and jq installed (the metadata omitted these). (2) Privacy: if you set ANTHROPIC_API_KEY or OPENAI_API_KEY, the skill will send batches of item titles/URLs to those LLM providers for classification — if you prefer not to transmit data, leave those env vars unset; the script will fall back to its local keyword classifier. (3) The skill will read any OPML file path you supply and will cache fetched items under $XDG_CACHE_HOME or ~/.cache/feed-diet. (4) Review the included scripts yourself if you have sensitive data or strict network/privacy requirements. Overall: coherent and appropriate for its stated purpose.
Like a lobster shell, security has layers — review code before you run it.
latestvk975y7ydw1d0xxasegyth4n38x81j1rd
