Blogwatcher Local
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is a straightforward wrapper for a blog/RSS feed CLI, with the main thing to notice being that it installs an external Go tool from GitHub at the latest version.
This appears safe for its stated purpose. Before installing, make sure you trust the external blogwatcher Go module, since the skill installs the latest version from GitHub rather than a pinned release.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You are trusting the external blogwatcher project and whatever version is current when installed.
The skill relies on installing an external Go module at the latest version, so the exact code installed is not pinned by these artifacts.
github.com/Hyaxia/blogwatcher/cmd/blogwatcher@latest
Install only if you trust the GitHub project; consider pinning or reviewing a specific version if you need stronger supply-chain assurance.