← Back to Skills Marketplace
dinghaibin

Rss Aggregator

by BIN · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
54
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install rss-agg
Description
Parse, aggregate and process RSS/Atom feeds. Use when user wants to track multiple RSS feeds, create personalized news digest, monitor blog updates, or build...
Usage Guidance
This skill is functionally coherent for aggregating feeds, but review the following before using: 1) The script disables TLS certificate verification (ctx.check_hostname=False; ctx.verify_mode=ssl.CERT_NONE). That makes feed downloads vulnerable to man-in-the-middle attacks — consider removing those lines so certificates are validated. 2) The code uses Python's xml.etree.ElementTree without explicit protections; consider using a hardened XML parser (e.g., defusedxml) to prevent XML external entity (XXE) issues. 3) The script will fetch any URL you provide (including internal network addresses); avoid pointing it at sensitive internal endpoints or run it in a restricted/containerized environment. 4) SKILL.md examples use external notification tools (telegram-send) — ensure any notification integrations are configured safely and you understand what data will be transmitted. If you want to proceed, run this in an isolated environment, sanitize feed lists, and patch the TLS/XML issues first.
Capability Analysis
Type: OpenClaw Skill Name: rss-agg Version: 1.0.0 The RSS aggregator skill contains significant security vulnerabilities in `scripts/aggregator.py`. Specifically, the script explicitly disables SSL certificate verification (`ssl.CERT_NONE`), which exposes the agent to Man-in-the-Middle (MitM) attacks when fetching remote feeds. Furthermore, the use of the standard `xml.etree.ElementTree` library to parse untrusted XML data from the internet presents a risk of XML External Entity (XXE) attacks. While these are critical vulnerabilities, they lack clear evidence of intentional malice or data exfiltration.
Capability Assessment
Purpose & Capability
The name/description match the included script and instructions: the code fetches feeds, parses RSS/Atom, filters, and formats output. There are no unrelated environment variables, binaries, or install steps requested.
Instruction Scope
The SKILL.md instructs running the provided script and shows examples (including piping results to external tools like telegram-send). The bundled Python code fetches arbitrary URLs and parses XML. Notable risky behaviors in the runtime code: it explicitly disables TLS certificate validation (ssl.CERT_NONE and check_hostname=False) which permits MITM attacks, and it uses xml.etree.ElementTree without mitigations (raising potential XML parsing vulnerabilities). The SKILL.md's examples that call external notification tools mean outputs could be transmitted externally if the user configures them.
Install Mechanism
No install spec; code is provided directly. Nothing is downloaded from remote hosts during installation. This minimizes supply-chain risk.
Credentials
The skill requests no credentials or environment variables. There is no disproportionate credential request relative to its purpose.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges or modify other skills. It runs only when invoked.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install rss-agg
  3. After installation, invoke the skill by name or use /rss-agg
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: RSS/Atom feed aggregation with filtering and multiple output formats
Metadata
Slug rss-agg
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Rss Aggregator?

Parse, aggregate and process RSS/Atom feeds. Use when user wants to track multiple RSS feeds, create personalized news digest, monitor blog updates, or build... It is an AI Agent Skill for Claude Code / OpenClaw, with 54 downloads so far.

How do I install Rss Aggregator?

Run "/install rss-agg" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Rss Aggregator free?

Yes, Rss Aggregator is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Rss Aggregator support?

Rss Aggregator is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Rss Aggregator?

It is built and maintained by BIN (@dinghaibin); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments