Skill v0.1.6

ClawScan security

hotnews · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 27, 2026, 3:13 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's instructions and purpose are largely coherent, but it asks you to run an npm CLI (npx/hotnews) with no provenance, no homepage/source, and no pinned package/version — that implicit remote code execution is disproportionate to the simple news-fetching description and merits caution.
Guidance
This skill is instruction-only and tells you to run an npm CLI (hotnews / npx hotnews). Running npx executes code fetched from the npm registry — treat that as running arbitrary third-party code. Before installing or running it:
1) look up the npm package (name/version), homepage, and source repo and inspect the code or README;
2) prefer a pinned version (not 'latest') and check package maintainers and recent publish history;
3) run in an isolated environment (container, VM, or limited sandbox) and avoid running as root;
4) if you cannot find the package source or it lacks provenance, avoid running npx and consider alternative, well-known news tooling.
The missing homepage/source and the implied remote execution are why I mark this as suspicious rather than benign.

Review Dimensions

Purpose & Capability
note: The name/description (fetch trending news from Chinese platforms and GitHub) aligns with the runtime instructions to run a CLI. The SKILL.md explicitly says 'Requires npm install', which is consistent with an npm CLI package. Minor inconsistency: the Source Selection Guide mentions 'toutiao' although the enumerated 8 sources list does not include it.
Instruction Scope
ok: The SKILL.md instructs only to run the hotnews CLI (hotnews or npx hotnews) with flags and to consume JSON output. It does not ask the agent to read unrelated files, environment variables, or exfiltrate data to other endpoints.
Install Mechanism
concern: There is no install spec in the registry metadata; the SKILL.md encourages using npm/npx to run the tool. npx will download and execute package code from the npm registry (or other configured registries) at runtime. Because no package homepage, source repo, version pin, or checksum is provided, this implicitly permits executing remote code of unknown provenance — a moderate-to-high risk for an otherwise simple news CLI.
Credentials
ok: The skill declares no required environment variables, credentials, or config paths. There is no request for secrets or unrelated service credentials in the instructions.
Persistence & Privilege
ok: always:false and no install script or config writes are declared. The skill does not request persistent presence or modify other skills or system-wide settings. Note: the platform default allows autonomous invocation, but that is not in itself a unique concern here.