
      Safety Report

      AK RSS 24h Brief

      @seandong

      Read RSS/Atom feeds from an OPML list, fetch articles from the last N hours, and generate a Chinese categorized brief. Use for requests like “generate a 24-h...

      380 Downloads
      1 Installs
      0 Stars
      3 Versions
      Writing & Content · 1,082

      Security Analysis

      medium confidence
      Suspicious · 0.04 risk

      The skill mostly matches an RSS-to-brief purpose, but there are a few implementation mismatches and content-generation behaviors (hardcoded OPML attribution, canned Chinese summaries that can assert details) that contradict the SKILL.md constraints and warrant caution.

      Feb 23, 2026 · 2 files · 2 concerns
      Purpose & Capability: note

      The name/description (fetch RSS from an OPML list and produce a Chinese categorized brief) aligns with the provided Python script and runtime instructions. Nothing in the code asks for unrelated credentials or system access. However, the SKILL.md and the code both hardcode a particular OPML gist URL into the output header even though the script supports a --opml-url/--opml-file parameter; that is an inconsistency between the described flexibility and the fixed output attribution.

      Instruction Scope: concern

      Instructions tell the agent to run the included script, which fetches the OPML and then fetches potentially many feed URLs. Fetching arbitrary URLs is expected for an RSS aggregator, but it also means the script will perform network requests to whatever URLs appear in the OPML (including internal IPs or private endpoints if the OPML were changed), creating a potential SSRF/internal network access risk. More importantly, the script's summary generation uses canned heuristic Chinese sentences (rule-based templates) that can assert specific interpretations rather than directly quoting or strictly summarizing the original content; this can contradict the SKILL.md constraint 'Never fabricate facts'.

      Install Mechanism: ok

      No install spec; the skill is instruction-only with a Python script. That is low-risk from an installation perspective because nothing is downloaded or written by an installer. The runtime will execute a local script, so the main runtime risk is what the script does (network fetches), not an installer fetching arbitrary code.

      Credentials: ok

      The skill requests no environment variables, credentials, or config paths. This is proportionate to the stated purpose. The script only performs HTTP(S) requests and local XML parsing; it does not attempt to read environment secrets or system config.

      Persistence & Privilege: ok

      The skill does not request always: true and has no install-time persistence. It does not modify other skills or system-wide settings. Agent autonomous invocation is enabled by default but not unusual; no additional privileged presence is requested.

      Guidance

      This skill is generally coherent for generating RSS-based briefs, but proceed with caution:

      - Code will fetch whatever feed URLs are present in the OPML. If you or the agent pass an OPML you did not audit, it could cause requests to internal addresses (SSRF / internal network access). Only use trusted OPML sources or run the script in a network-isolated environment.
      - The output header is hardcoded to a specific gist URL even though the script accepts --opml-url; expect this attribution to appear regardless of which OPML you pass. If that matters, inspect/modify the script.
      - The script produces rule-based canned Chinese summaries. These heuristics can assert interpretations not strictly present in the source; they may unintentionally "fabricate" inferred details. If you need strictly factual/quotative summaries, review or replace the heuristic summarizer with one that derives content directly from article text.
      - Because this is a Python script, review the full file before running, and consider executing it in a sandboxed environment without access to sensitive networks or credentials.

      If you want to proceed: run the script locally with the specific OPML URL you trust, or modify it to restrict allowed hostnames (whitelist) and to tighten summarization behavior.

      Latest Release

      v0.1.2

      Update skill description with RSS list attribution to Andrej Karpathy and source post link.


      Published by @seandong on ClawHub
