China News
Security checks across malware telemetry and agentic risk
Overview
This instruction-only news skill appears purpose-aligned: it fetches public Chinese news via browser/RSS and does not show credentials, persistence, destructive actions, or hidden data handling.
Before installing, note that the skill may browse public news sites and may require the Python requests package for RSS fetching. It appears suitable for public news lookup, but avoid using it with sensitive browser sessions unless you are comfortable with external sites being opened.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may open third-party news websites and extract headlines or links from those pages.
The skill instructs use of browser automation and page evaluation to extract public news links. This is aligned with the stated news-aggregation purpose, but it still uses an external browsing tool and should be visible to the user.
🔄 **双模式**: 浏览器自动化 + RSS订阅 ... await browser.open({ url: "https://news.sina.com.cn" }) ... const news = await browser.evaluate(() => {Use it for public news collection and avoid running it in a browser profile containing sensitive logged-in sessions unless needed.
Using the RSS mode may require installing a Python package in the local environment.
The skill documents installing the Python requests package even though there is no install spec. This dependency is common and purpose-aligned for RSS fetching, but it is still a package installation users should notice.
dependencies: "pip install requests"
Install dependencies only from trusted package indexes and in an isolated Python environment if possible.