v1.0.0

News Aggregator Skill 0.1.0

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:53 AM.

Analysis

Prompt-injection indicators were detected in the submitted artifacts (unicode-control-chars); human review is required before treating this skill as clean.

Guidance: This appears safe for its stated purpose if you are comfortable with a Python skill that scrapes public websites and saves local Markdown reports. Before installing, verify the GitHub source and Python dependencies, and remember that deep-fetched article text is untrusted web content for summarization, not instructions for the agent. ClawScan detected prompt-injection indicators (unicode-control-chars), so this skill requires review even though the model response was benign.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
Severity: Low | Confidence: High | Status: Note
SKILL.md
`--deep`: **[NEW]** Enable deep fetching. Downloads and extracts the main text content of the articles. ... items will contain a `content` field

Deep mode intentionally places external article text into the agent's working context for analysis. That is central to the skill, but retrieved web text should be treated as source material rather than instructions.

User impact: A malicious or misleading article page could try to influence the agent's summary if the agent over-trusts fetched page text.
Recommendation: Use deep mode for analysis, but treat fetched article content as untrusted and follow only the user's instructions and the skill's trusted instructions.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
scripts/fetch_news.py
response = requests.get(url, headers=HEADERS, timeout=5) ... with concurrent.futures.ThreadPoolExecutor(max_workers=max_workers)

The helper script makes outbound web requests and can fetch article pages concurrently. This is expected for a news aggregator, but it is still broad external network activity.

User impact: Running the skill will contact third-party news/article sites from the user's environment.
Recommendation: Install and run it only if outbound web scraping is acceptable in your environment; keep deep scans to sources and limits you intend.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
README.md
`npx skills add https://github.com/cclank/news-aggregator-skill` ... `pip install -r requirements.txt`

The README documents user-directed installation from a remote GitHub repository and Python dependency installation. This is common for a Python-based skill, but users should verify provenance and dependency versions.

User impact: Following the README may install code and packages from external sources.
Recommendation: Verify the repository, review changes before installing, and consider pinning or auditing Python dependencies in controlled environments.

Rogue Agents
Severity: Info | Confidence: High | Status: Note
SKILL.md
Always save the full report to `reports/` directory with a timestamped filename

The skill creates persistent local report files. The path is scoped and the behavior is disclosed, so this is a normal persistence note rather than a concern.

User impact: News reports may accumulate locally under the reports/ directory.
Recommendation: Review or clean the reports/ directory if you do not want saved copies of generated reports.