OpenClaw News Publisher

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill matches its news-publishing purpose, but it relies on unreviewed external code and asks for social-platform publishing credentials, so it should be reviewed before use.

Only use this after reviewing the referenced GitHub repository and dependencies. Start with dry-run/preview, use test or least-privilege platform credentials, keep the .env file private, and require explicit approval before any real publish command.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Unreviewed remote code could run locally and later handle publishing credentials and account actions.

Why it was flagged

The reviewed skill package is instruction-only with no code files, but setup directs users to pull and run external code and dependencies that were not included in the scan.

Skill content

git clone https://github.com/ZhenRobotics/openclaw-news-publisher.git ... npm install ... ./agents/news-cli.sh help

Recommendation

Verify the GitHub repository and package contents before installing, pin to a trusted commit, review dependency lockfiles, and prefer a packaged skill with an explicit install spec.

What this means

If broad or real account tokens are used, the tool may be able to post or prepare posts under the user's platform accounts.

Why it was flagged

The skill requests third-party account credentials capable of publishing content, but the registry metadata declares no credential contract and the artifacts do not define permission scopes.

Skill content

WECHAT_APP_SECRET="..." ... TWITTER_API_KEY="..." ... TWITTER_API_SECRET="..." ... TWITTER_ACCESS_TOKEN="..."

Recommendation

Use least-privilege test credentials where possible, confirm exact API scopes, keep .env files private, and revoke tokens after testing.

What this means

A mistaken file, platform list, or configuration could publish unintended content to multiple public channels.

Why it was flagged

Multi-platform publishing and fallback are core features, but they are high-impact actions because they can post public content across configured destinations.

Skill content

openclaw-news publish news/drafts/ai-breakthrough-*.md ... Automatic platform fallback on failures ... Batch publishing to multiple platforms

Recommendation

Use preview and dry-run first, require explicit user confirmation before actual publish commands, and specify target platforms rather than relying on defaults.