ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw News Publisher

v1.0.0

CLI tool to write news in Markdown and publish automatically across RSS, Twitter, WeChat (API pending), with multi-platform fallback and preview.

0· 215·0 current·0 all-time
byJustin Liu@zhenstaff
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The description (Markdown-first multi-platform publisher) matches the SKILL.md functionality (RSS implemented, other platforms as frameworks/placeholders). However several advertised platforms are 'pending' or placeholders (WeChat/Twitter/others), so the skill does not fully deliver all claimed capabilities yet. The registry metadata lists no required credentials despite SKILL.md showing many platform API keys are needed.
!
Instruction Scope
SKILL.md instructs the user/agent to clone a GitHub repo and run npm install and shell scripts from that repo (./agents/news-cli.sh, ./scripts/publish-news.sh). Those runtime instructions will cause arbitrary third‑party code to be fetched and executed, which expands the security surface beyond a simple instruction-only skill. The instructions do not ask the agent to read unrelated system files, but they do require editing and loading a .env with secrets.
!
Install Mechanism
The skill metadata contains no install spec (instruction-only), but SKILL.md explicitly tells users/agents to git clone https://github.com/ZhenRobotics/openclaw-news-publisher.git and run npm install. That directs fetching and executing external code from a repository whose trustworthiness is unknown (metadata 'Source: unknown', no homepage). Fetching and running a remote npm project is a moderate-to-high risk operation if you haven't audited the code.
!
Credentials
Registry metadata declares no required environment variables, but SKILL.md and README clearly expect and document multiple sensitive environment variables (WECHAT_APP_SECRET, TWITTER_API_KEY/SECRET/ACCESS_TOKEN, RSS_SITE_URL, etc.). This mismatch is incoherent: the skill will need secrets to interact with platforms but does not declare them in metadata. Requiring multiple platform secrets is reasonable for this tool, but the omission in metadata reduces transparency and prevents automated policy checks.
Persistence & Privilege
The skill does not request always:true, does not declare system-wide config access, and does not claim autonomous persistence. There is no evidence it modifies other skills or system-wide agent settings.
What to consider before installing
Before installing or running this skill: 1) Treat the repo clone + npm install step as potentially risky — inspect the GitHub repository (all scripts under agents/ and scripts/) before running; 2) Verify the repository owner and commit history (ZhenRobotics/justin) and prefer tagged releases; 3) Only populate a .env with platform credentials after you review code that will read/use them; consider creating platform-specific tokens with limited scope, or testing with RSS-only and dry-run modes first; 4) Run initial tests in an isolated/sandbox environment (container or VM) rather than on a production machine; 5) If you need automatic agent invocation, ensure you are comfortable the skill can fetch and execute code — otherwise decline or host a vetted fork you control. If you can share the actual GitHub URL or the repo contents, a more confident assessment is possible.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ff3zfqdepqf7htqx7kqdk2982nwcv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments