ClawHub
Back to skill
v1.0.0

Hot News Aggregator 1.0.0

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:14 AM.

Analysis

This is an instruction-only news aggregation skill that mainly tells the agent to search and summarize listed news sites, with no code, credentials, persistence, or local system access.

GuidanceThis skill appears safe for normal use as a news summarizer. Be aware that it relies on external web sources and has limited provenance metadata, so review its cited links and verify important claims independently.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
1. **搜索** - 用 `web_search` 或 `web_fetch` 工具搜索各源

The skill explicitly asks the agent to use web browsing/search tools. This is purpose-aligned for news aggregation, but users should expect outbound web access and reliance on third-party content.

User impactThe agent may fetch and summarize external news pages; the quality and accuracy of the result depends on those sources.
RecommendationAsk for links, timestamps, and source names in the output, and verify important or sensitive news before relying on it.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceMediumStatusNote
metadata
Source: unknown
Homepage: none

The package has limited provenance information, and the registry version is 1.0.0 while SKILL.md declares version 1.0.3. Because this is instruction-only with no installable code, this is a metadata/provenance note rather than a security concern.

User impactIt may be harder to confirm who maintains the skill or whether the packaged instructions are the intended version.
RecommendationPrefer skills with clear source/homepage metadata when provenance matters, and review the visible SKILL.md instructions before use.