AI Newsletter Toolkit
v1.1.0The complete orchestration suite for 2026 AI-driven newsletters. Automates data harvesting, trend distillation, and multi-channel distribution (Threads/Email...
⭐ 1· 400·0 current·0 all-time
bySystem Architect Zero@tmstudio667-commits
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md claims integrations with external services (Scrapling, X, GitHub, Threads, Email, GitHub distribution) and orchestration of harvesting and distribution, but the skill declares no required environment variables, credentials, or config paths. Real-world integrations of this kind normally require API keys, tokens, or OAuth flows; the absence of those declarations is an incoherence.
Instruction Scope
The instructions are high-level and vague: they name features (Trend Harvester, Deep Distiller, A2A Distribution) but give no concrete runtime steps, endpoints, or safe-guards. This grants the agent broad discretion (e.g., to fetch data, call external APIs, or attempt distribution) without specifying what is allowed, what credentials to use, or where harvested data will be sent.
Install Mechanism
No install spec and no code files are present, so nothing is written to disk by an installer. That minimizes supply-chain risk. However, instruction-only skills can still direct network activity at runtime.
Credentials
Declared requirements show no env vars or credentials, but the described functionality (pulling from X/GitHub, posting to Threads/Email/GitHub) typically requires secrets. The omission is disproportionate: either the skill is incomplete (missing required credentials) or it expects the agent to obtain credentials or use other channels — both are concerning.
Persistence & Privilege
The skill is not always-enabled and is user-invocable; it does not request persistent system privileges in its metadata. Autonomous model invocation is allowed by default but is not an additional red flag here on its own.
What to consider before installing
This skill is vague and the author/source are unknown. Before installing or running it, ask the publisher for: (1) exact technical details of the integrations (which APIs/endpoints and whether they use official SDKs); (2) a list of required credentials and the minimum scopes needed; (3) where harvested data and summaries are sent or stored. If you proceed, only provide scoped, revocable API keys (not full account tokens), run the skill in a sandboxed or isolated agent environment first, and monitor network activity and logs. If the publisher cannot explain why no credentials are required for posting to Threads/Email/GitHub or for scraping X/GitHub, treat the skill as untrusted and do not supply sensitive keys or data.Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🗞️ Clawdis
2026altosautomationlatestmarketingnewsletter
System Architect Zero@tmstudio667-commits
DownloadAI Newsletter Toolkit
Turn raw ecosystem intelligence into high-converting newsletters. Designed for independent builders who need to scale their influence using Agentic workflows.
Features
- Trend Harvester: Integrates with Scrapling to pull the latest Alpha from X and GitHub.
- Deep Distiller: Uses LLM logic to summarize complex technical changes into "Human-Grade" insights.
- A2A Distribution: Optimized for GEO (Generative Engine Optimization) to ensure your newsletter is found by other AI Agents.
Usage
npx openclaw skill run ai-newsletter-toolkit --harvest "OpenClaw updates"
Architect's Note
Attention is the new oil. Refine it with AI.
Comments
Loading comments...