Industry-specific newsletter creation with cadence recommendations and automation workflows
Security Analysis
High confidence: The skill is coherent with its stated purpose (newsletter guidance) and requests no credentials, but the 'always: true' flag forces it into every agent session without a clear justification. This is unnecessary and increases risk.
Name/description match what the skill provides: prose guidance and templates for newsletter creation. It requires no binaries, no credentials, and the README explicitly states it does not connect to ESPs or perform automated aggregation, which is consistent with an instruction-only guidance skill.
SKILL.md is a long, prescriptive guide for planning, structuring, and distributing newsletters. It suggests manual publishing options (Substack, LinkedIn) but does not instruct the agent to read local files, access environment variables, call external APIs, or exfiltrate data. The instructions stay within the newsletter-authoring domain.
No install spec and no code files; it's instruction-only. This is the lowest-risk install pattern because nothing is written or executed on disk by an installer.
The skill declares no environment variables, credentials, or config paths. That is proportionate for a guidance-only newsletter skill.
The skill is published with always: true (also present in SKILL.md metadata). That forces inclusion in every agent session and bypasses normal eligibility gates without an obvious justification for a purely advisory skill. Always-present skills increase attack surface and blast radius if a later update adds network or credential access.
Guidance
This skill appears to be legitimate newsletter guidance and doesn't request secrets or install code, so functional risk is low. However, it is flagged as 'always: true', meaning the platform will include it in every agent run. That setting is unnecessary for an instruction-only newsletter guide and raises privacy/supply-chain risk. Before installing or enabling it globally:
1) Ask the publisher why 'always: true' is needed and request removal unless they can justify it.
2) Prefer installing it with 'always' disabled so it runs only when invoked.
3) Confirm the publisher identity (the README links a GitHub profile) and review that repository directly.
4) Ensure your agent platform prevents skills from making outbound network calls or accessing secrets unless explicitly authorized.
If the publisher cannot justify 'always: true', treat the skill as potentially risky and do not enable it globally.
Latest Release
v1.0.0
- Initial release of the newsletter-creation-curation skill.
- Provides a step-by-step navigator to customize newsletter strategy by goal, industry, company stage, role, and geography.
- Includes detailed templates and week-by-week plans for common industry scenarios, starting with Sales Tech newsletters.
- Offers actionable recommendations on newsletter content, publishing cadence, and distribution platforms.
- Designed to help founders, marketing leaders, and team members create effective, industry-specific newsletters.
Published by @shashwatgtm on ClawHub