hn-digest

Warn

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The script scripts/generate_mood_nano_banana.sh automatically creates a Python virtual environment and installs google-genai and pillow using pip install without version pinning or integrity verification. This occurs every time the skill is run if the environment is missing.
  • [CREDENTIALS_UNSAFE]: The script scripts/nano_banana_mood.py contains a function load_gemini_key() that attempts to read a local configuration file at ~/.clawdbot/clawdbot.json. While this appears to be a local application config, hardcoded logic that parses home directory files for API keys is a risky pattern that can lead to credential exposure if the file is misconfigured or targeted.
  • [COMMAND_EXECUTION]: The skill relies on shell scripts and Node.js scripts to perform data processing and image generation. The arguments (topic, n, offset) are partially validated in hn.mjs but are then passed through shell scripts, where they could be manipulated; the current implementation, however, uses standard argument passing rather than direct string interpolation into a shell context.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 24, 2026, 12:25 AM