Skills
skills/openclaw/skills/news-aggregator-skill/Gen Agent Trust Hub

news-aggregator-skill

Warn

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis

================================================================================

šŸŸ” VERDICT: MEDIUM

This skill is rated MEDIUM due to its reliance on external code and dependencies from unverified sources, and its execution of commands to download and install these. The core script also performs extensive external network requests to fetch content from various news sites and arbitrary URLs found within them.

Total Findings: 6

šŸŸ” MEDIUM Findings: ā€¢ Unverifiable Dependency

  • README.md:20: git clone git@github.com/cclank/news-aggregator-skill.git
  • The skill's source is cloned from a GitHub repository (cclank) not listed as a trusted organization. ā€¢ Unverifiable Dependency
  • README.md:30: npx skills add https://github.com/cclank/news-aggregator-skill
  • The skill is added from a GitHub repository (cclank) not listed as a trusted organization. ā€¢ Unverifiable Dependency
  • README.md:54: pip install -r requirements.txt
  • Installs Python packages from requirements.txt. While requests and beautifulsoup4 are common, they are external dependencies. ā€¢ Unverifiable Dependency
  • _meta.json:7: "commit": "https://github.com/clawdbot/skills/commit/3fc0e1f189327f3a62a2a3873ba8275931cf2a14"
  • The skill's metadata references its source from a GitHub repository (clawdbot) not listed as a trusted organization. ā€¢ External Downloads
  • scripts/fetch_news.py: The script makes HTTP requests to various news sources (e.g., weibo.com, 36kr.com, v2ex.com, i.news.qq.com, api-one.wallstcn.com, producthunt.com) which are not explicitly listed as trusted domains. It also fetches content from arbitrary URLs found within these news feeds via fetch_url_content function. While github.com is trusted, many other sources are not, posing a risk of downloading potentially malicious content.

šŸ”µ LOW Findings: ā€¢ Prompt Injection Pattern

  • SKILL.md:20: CRITICAL: You MUST automatically expand the user's simple keywords...
  • Uses strong directives ('CRITICAL', 'MUST') to guide AI behavior. While not malicious in intent (aims for specific task execution), it matches a pattern for prompt injection.

================================================================================

Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 13, 2026, 09:44 AM