OpenClaw News Publisher

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: news-publisher
Version: 1.0.0

The skill bundle describes a multi-platform news publishing tool designed to automate content distribution from Markdown files to platforms like RSS, WeChat, and Twitter. The documentation (skill.md and readme.md) outlines standard CLI operations, configuration via environment variables, and a template-based workflow without any evidence of malicious intent, data exfiltration, or prompt injection attacks.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Unreviewed remote code could run locally and later handle publishing credentials and account actions.

Why it was flagged

The reviewed skill package is instruction-only with no code files, but setup directs users to pull and run external code and dependencies that were not included in the scan.

Skill content

git clone https://github.com/ZhenRobotics/openclaw-news-publisher.git ... npm install ... ./agents/news-cli.sh help

Recommendation

Verify the GitHub repository and package contents before installing, pin to a trusted commit, review dependency lockfiles, and prefer a packaged skill with an explicit install spec.

What this means

If broad or real account tokens are used, the tool may be able to post or prepare posts under the user's platform accounts.

Why it was flagged

The skill requests third-party account credentials capable of publishing content, but the registry metadata declares no credential contract and the artifacts do not define permission scopes.

Skill content

WECHAT_APP_SECRET="..." ... TWITTER_API_KEY="..." ... TWITTER_API_SECRET="..." ... TWITTER_ACCESS_TOKEN="..."

Recommendation

Use least-privilege test credentials where possible, confirm exact API scopes, keep .env files private, and revoke tokens after testing.

What this means

A mistaken file, platform list, or configuration could publish unintended content to multiple public channels.

Why it was flagged

Multi-platform publishing and fallback are core features, but they are high-impact actions because they can post public content across configured destinations.

Skill content

openclaw-news publish news/drafts/ai-breakthrough-*.md ... Automatic platform fallback on failures ... Batch publishing to multiple platforms

Recommendation

Use preview and dry-run first, require explicit user confirmation before actual publish commands, and specify target platforms rather than relying on defaults.