Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
RSS Summarizer
v1.0.0 Intelligent RSS subscription and summarization. Used to subscribe to, fetch, filter and summarize RSS/Atom feeds. Use when the user needs to track news and blog updates and receive summaries.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Verdict: Suspicious (high confidence)
Purpose & Capability
The name/description promise subscription, fetching, filtering and summarization. The code implements subscription management, fetching, filtering, formatting (markdown/plain/json) and local persistence — but it does not implement any summarization logic and does not invoke any external 'oracle' CLI. The SKILL.md mentions push/notification to chat via a context.send function, but the provided script wrappers don't accept a callable send function from stdin. In short: core RSS management is coherent, but promised summarization and notification capabilities are not present in the implementation.
Instruction Scope
SKILL.md tells the AI to call scripts with JSON via stdin and to pass a context.send function; in practice stdin cannot carry a JS function and the provided script wrappers read only JSON and don't wire up a send function. SKILL.md also notes summaries depend on an external 'oracle' CLI (and could encourage the agent to call such tooling), but none of the scripts call external CLIs. The instructions are therefore ambiguous/misleading and could cause the agent to try actions outside the skill's real behavior.
Install Mechanism
No install spec is provided (instruction-only style with code files). Dependencies are standard npm packages (rss-parser and its dependencies) as shown in package.json/package-lock.json. No downloads from arbitrary URLs or extract steps are present in the manifest.
Credentials
The skill declares no environment variables or credentials, which matches the code. However SKILL.md's mention of an external AI 'oracle' CLI implies additional tooling/credentials might be needed; those are not declared or implemented. Also the code performs outbound HTTP requests when fetching feeds (via rss-parser), which is appropriate but means feed URLs could cause network requests to arbitrary endpoints (consider SSRF/internal network risks if untrusted feeds are added).
Persistence & Privilege
The skill stores data under its own data directory (data/subscriptions.json and data/config.json) and only reads/writes those files. It does not request system-wide config changes, additional persistent privileges, or always:true. This is proportionate for a subscription manager.
What to consider before installing
This skill is coherent for subscribing, fetching and formatting RSS feeds and storing them locally, but its documentation overpromises: it mentions "summarization via oracle CLI" and passing a context.send function for notifications, yet the code does not implement those. Before installing: (1) ask the publisher to clarify or implement summarization and notification (and to declare any required CLI/tools or credentials); (2) if you expect summarization, require that the skill either call a declared, auditable service or expose a documented hook — do not let the agent invent commands; (3) be aware the skill will perform outbound HTTP requests for any feed URL you add (this can be abused to probe internal networks), so run the skill in a restricted/sandboxed environment and vet feed URLs; (4) npm dependencies are normal but ensure you install packages from a trusted environment and review package-lock for supply-chain concerns; (5) if you want notifications, confirm a concrete mechanism (e.g., an API endpoint or an explicit send script) rather than the current undocumented context.send approach.
Tags: latest, news, productivity, rss, summarization
