ClawHub

Pings News (News Agent)

v1.1.6

从 Wink Pings 免费获取最新新闻,用用户邮箱作为 user_id 绑定个人订阅并拉取列表。 在用户表达要看「最新 AI 新闻」、提到「Pings」「Wink Pings」「wink pings」、或明确要看 Pings/Wink 资讯与订阅新闻时使用;若未提供邮箱则先收集邮箱再请求。

0· 131·1 current·1 all-time
by@ully·duplicate of @ully/pings (1.1.6)·canonical: @ully/pings-skills
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (pulling Wink Pings news using an email as user_id) match the behavior in SKILL.md and examples: only network GETs to https://wink.run/api/pings/latest and local storage of a single email are requested. No unrelated credentials, binaries, or system hooks are required.
Instruction Scope
Instructions are narrowly scoped to: (1) read/write a single local file (skills/pings/pings-user-email) to store the user's email, (2) prompt the user for the email if missing, (3) make a GET request to the documented endpoint and format/display results. This is coherent, but storing the email in plaintext on disk is a privacy consideration the user should be aware of (SKILL.md does advise .gitignore and partial logging).
Install Mechanism
No install spec and no code files to execute — the skill is instruction-only. This minimizes install-time risk; runtime behavior uses standard HTTP calls (curl or equivalent) as described.
Credentials
The skill requests no environment variables, credentials, or external tokens. The only local access is to a single per-skill file path for the user's email, which is proportionate to persisting a user_id for personalized news.
Persistence & Privilege
always is false and the skill only persistently writes a single file under its own skill directory. It does not request elevated privileges, modify other skills, or require permanent platform inclusion.
Assessment
This skill appears to do what it says: prompt for (or read) a user email, use it as user_id, call https://wink.run/api/pings/latest, and display formatted results. Before installing: (1) confirm you trust the wink.run endpoint because the skill will send the provided email to that service; (2) consider whether you want the email saved to disk in plaintext at skills/pings/pings-user-email — if not, decline to persist it when prompted; (3) ensure the workspace repository ignores that file (SKILL.md says it’s in .gitignore) so it’s not accidentally committed; (4) avoid supplying someone else’s credentials or email. If you need stronger protection, keep emails out of disk storage and allow the skill to run without persistence, or route requests through a network monitor/proxy to verify traffic.

Like a lobster shell, security has layers — review code before you run it.

latestvk97000wvn25761h2m7p5jtb3fd83g23w

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments