Agent News

Suspicious. Audited by ClawScan on May 10, 2026.

Overview

This skill is coherent for managing a news portal, but it gives an agent broad publish/delete and production-operations instructions using a hardcoded default API key and root server workflows.

Treat this as a production-management skill. Do not let it post, update, delete, SSH, install dependencies, or start PM2 services unless you explicitly approve the exact target URL, article ID, credentials, repository revision, and rollback plan. Replace the built-in API key with a scoped secret you control.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent may be able to create, modify, or delete platform content using a built-in default key instead of a user-provided, scoped credential.

Why it was flagged

The skill supplies a hardcoded default API key for write operations and pairs it with a default public service URL, while registry metadata declares no required credential.

Skill content

Write endpoints require an API key carried in a header: read the environment variable `$API_KEY`; if it is not configured, it defaults to `ai-tech-lab-secret-key-2024` ... the default value is `http://118.145.101.171`

Recommendation

Require users to provide their own scoped API key, remove the hardcoded default from the skill instructions, and declare the credential requirement in metadata.

What this means

A mistaken or over-eager agent action could publish unwanted content or delete/update existing public articles.

Why it was flagged

The skill exposes raw API calls for creating, updating, and deleting articles, but does not define user confirmation, ownership checks, allowed article IDs, or rollback steps before destructive changes.

Skill content

curl -X POST ... /api/articles ... curl -X PUT ... /api/articles/1 ... curl -X DELETE ... /api/articles/1

Recommendation

Add explicit instructions to ask for user approval before POST/PUT/DELETE actions, verify target URLs and article IDs, and summarize the exact change before execution.

What this means

Running these commands could execute unreviewed repository code and change the server environment.

Why it was flagged

The skill includes deployment commands that install dependencies and run project scripts from an external repository. This is related to the operations purpose, but it executes code outside the reviewed skill artifact.

Skill content

git clone https://github.com/wang-junjian/agent-news.git ... npm install ... npm run setup ... npm run build ... pm2 start

Recommendation

Only run deployment commands after verifying the repository, pinning trusted revisions, and reviewing package scripts and dependencies.

Note (High Confidence)
ASI10: Rogue Agents

What this means

The service may continue running, restarting, or starting on boot after the agent's task is complete.

Why it was flagged

The instructions include background execution and persistent service management. This is disclosed and aligned with hosting a web portal, but it can keep processes running beyond the immediate task.

Skill content

npm run dev > dev.log 2>&1 & ... PM2 automatically manages application logs ... automatic restart ... Start on boot: configure start on boot via `pm2 startup` and `pm2 save`

Recommendation

Confirm with the user before starting background or boot-persistent services, and document how to stop them with `pm2 delete agent-news`.

What this means

Users have less assurance that the deployment source is the same code intended by the skill publisher.

Why it was flagged

The registry metadata does not provide a verified source or install specification, while the instructions reference operational deployment from a GitHub repository.

Skill content

Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.

Recommendation

Provide a verified source URL, pinned commit or release, and reviewed install/deployment instructions.