Scan Report
15 /100
news-summary-litiao
Fetches news from trusted international RSS feeds and can create voice summaries
A legitimate news summary skill with documented RSS feed fetching and OpenAI TTS integration. All declared capabilities align with documented behavior.
Safe to install
Skill is safe to use. No action required.
Findings 1 items
| Severity | Finding | Location |
|---|---|---|
| Low | Environment Variable Access Sensitive Access | SKILL.md:57 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No filesystem operations in documentation |
| Network | READ | READ | ✓ Aligned | SKILL.md lines 17-42: RSS feed URLs declared |
| Shell | NONE | NONE | — | SKILL.md lines 45-53: curl/grep/sed are example commands, not automated executio… |
| Environment | READ | READ | ✓ Aligned | SKILL.md line 57: $OPENAI_API_KEY access declared for TTS |
7 findings
Medium External URL 外部 URL
https://feeds.bbci.co.uk/news/world/rss.xml SKILL.md:17 Medium External URL 外部 URL
https://feeds.bbci.co.uk/news/rss.xml SKILL.md:20 Medium External URL 外部 URL
https://feeds.bbci.co.uk/news/business/rss.xml SKILL.md:23 Medium External URL 外部 URL
https://feeds.bbci.co.uk/news/technology/rss.xml SKILL.md:26 Medium External URL 外部 URL
https://www.reutersagency.com/feed/?best-regions=world&post_type=best SKILL.md:32 Medium External URL 外部 URL
https://feeds.npr.org/1001/rss.xml SKILL.md:37 Medium External URL 外部 URL
https://www.aljazeera.com/xml/rss/all.xml SKILL.md:42 File Tree
2 files · 2.2 KB · 109 lines Markdown 1f · 104L
JSON 1f · 5L
├─
_meta.json
JSON
└─
SKILL.md
Markdown
Security Positives
✓ No executable code or scripts present - only documentation
✓ All RSS feed URLs are from legitimate news organizations (BBC, Reuters, NPR, Al Jazeera)
✓ No base64 encoding, eval(), or obfuscation detected
✓ No credential harvesting or exfiltration patterns observed
✓ No hidden functionality or documentation mismatch
✓ No supply chain dependencies to analyze