中文 EN

Scan Report

Scan New Files

Trusted — Risk Score 5/100
Last scan:21 hr ago Rescan
5 /100
clawforage-knowledge-harvester
Daily automated briefings — fetches trending content via Google News RSS, summarizes into memory for RAG retrieval
A straightforward RSS-based knowledge harvester with no malicious behavior, fully documented shell usage, and clean capabilities aligned with its stated purpose.
Skill Nameclawforage-knowledge-harvester
Duration29.1s
Enginepi
Safe to install
Approve for use. No security concerns identified.
ResourceDeclaredInferredStatusEvidence
Filesystem WRITE WRITE ✓ Aligned SKILL.md: memory/knowledge/ directory write; SKILL.md:memory/clawforage/domains.…
Network READ READ ✓ Aligned SKILL.md: Google News RSS (read-only); scripts/fetch-articles.sh:62: curl -sL
Shell WRITE WRITE ✓ Aligned SKILL.md _meta metadata: requires bash,jq,curl; scripts use set -euo pipefail th…
Environment NONE NONE No environment variable access found
Skill Invoke NONE NONE No cross-skill invocation found
2 findings
🔗
Medium External URL 外部 URL
https://inspireehub.ai
README.md:61
🔗
Medium External URL 外部 URL
https://news.google.com/rss/search?q=$
scripts/fetch-articles.sh:60

File Tree

7 files · 10.5 KB · 345 lines
Markdown 4f · 199L Shell 3f · 146L
├─ 📁 scripts
│ ├─ 🔧 dedup-articles.sh Shell 24L · 981 B
│ ├─ 🔧 fetch-articles.sh Shell 68L · 2.7 KB
│ └─ 🔧 validate-knowledge.sh Shell 54L · 1.3 KB
├─ 📁 templates
│ ├─ 📝 domains-example.md Markdown 12L · 367 B
│ └─ 📝 knowledge-article.md Markdown 13L · 274 B
├─ 📝 README.md Markdown 62L · 1.7 KB
└─ 📝 SKILL.md Markdown 112L · 3.3 KB

Dependencies 3 items

PackageVersionSourceKnown VulnsNotes
bash 4+ system No Declared in _meta; no version pinning
jq * system No Declared in _meta; no version pinning
curl * system No Declared in _meta; no version pinning

Security Positives

✓ All shell execution is explicitly declared in SKILL.md via {baseDir} and _meta metadata
✓ Pure awk-based RSS parsing — no binary dependencies beyond jq/curl
✓ set -euo pipefail used throughout all scripts for safe failure modes
✓ Network access is read-only (RSS feed fetch) and limited to Google News
✓ No credential, key, or sensitive path access
✓ No obfuscation, base64, eval, or dynamic code execution
✓ Deduplication via URL comparison — no external communication for comparison
✓ Strict output format validation prevents content injection
✓ Skill constraints explicitly cap rate limits (100 API calls/run, 10 articles/domain)
✓ Legitimate source: Google News RSS — a public, free, no-auth API