Safety Report

Hacker News

Name: Hacker News
Rating: 5 (8 reviews)
Author: gchapim

Browse and search Hacker News. Fetch top, new, best, Ask HN, Show HN stories and job postings. View item details, comments, and user profiles. Search stories and comments via Algolia. Find "Who is hiring?" threads. Use for any HN-related queries like "what's trending on HN?", "search HN for AI", "show comments on story X", "who is hiring?", "latest Ask HN posts".

2,715Downloads

18Installs

8Stars

1Versions

Search & Retrieval2,116 File Management2,100 Social Media1,367 Automated Testing538

Security Analysis

high confidence

Clean0.08 risk

The skill is internally consistent: it implements a read-only Hacker News CLI using public HN/Algolia APIs, asks for no credentials, and has no install step — however the package metadata omits that the script requires curl, jq and python3.

Feb 11, 20263 files2 concerns

Purpose & Capabilitynote

Name/description match the included code and docs: the script fetches Hacker News lists, items, comments, users, and (per references) uses Algolia for search. One small inconsistency: registry metadata lists no required binaries, but the script clearly uses curl, jq and python3.

Instruction Scopeok

SKILL.md tells the agent to run the provided scripts/hn.sh CLI and documents commands. The runtime instructions and the script stay within the stated purpose (fetching HN data from public APIs). There are no instructions to read unrelated files, exfiltrate secrets, or contact unexpected endpoints.

Install Mechanismnote

There is no install spec (instruction-only), so nothing is written to disk at install time. The script will run local commands and temporary files (mktemp). Note: because there is no install step, callers must have curl, jq and python3 available — the registry metadata did not declare these dependencies.

Credentialsok

The skill requires no environment variables or credentials and only contacts public Hacker News (Firebase) and Algolia endpoints. No sensitive env vars or unrelated service credentials are requested.

Persistence & Privilegeok

The skill does not request persistent inclusion (always: false) and does not modify other skills or system-wide settings. It relies on executing the provided script when invoked.

Guidance

This skill appears to do what it says: a lightweight CLI that reads public Hacker News APIs and Algolia. Before installing or running it, ensure your environment has curl, jq and python3 available (the metadata omitted those). Review the script if you are uncomfortable executing code from an unknown source — it performs network calls to hacker-news.firebaseio.com and hn.algolia.com and writes temporary files under a tmpdir which it then removes. Because it runs shell commands, run in a restricted environment or sandbox if you want to limit risk.

Latest Release

v1.0.0

Initial release of the Hacker News skill: - Browse top, new, best, Ask HN, Show HN stories, and job postings. - View item details, comments, and user profiles. - Search stories and comments using Algolia. - Find and view "Who is hiring?" threads. - Supports CLI usage for all features with customizable limits and filters. - Outputs clean, readable results with auto-converted text and relative timestamps.

More by @gchapim

Readwise & Reader API

2 stars

Phoenix API Generator

0 stars

Ecto Migrator

0 stars

Oban

0 stars

Elixir Dev

0 stars

Oban Designer

0 stars

Published by @gchapim on ClawHub