← Back to Skills Marketplace
288
Downloads
1
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install podcast-manager
Description
Find, subscribe to, track, and summarize podcast episodes using public RSS feeds and lightweight local tracking files. Use when a user asks to add/manage pod...
Usage Guidance
This skill appears to do what it says: fetch public RSS/Atom feeds, summarize episodes, and store minimal local tracking files. Things to consider before installing or enabling it for autonomous use:
- Review the bundled scripts (scripts/feed_probe.py) and, if possible, run them in a sandbox before giving the agent network access. The script includes several good protections (size limit, blocking DOCTYPE/ENTITY, DNS-based private-IP checks), but it performs DNS resolution once before the HTTP request and does not re-validate the final IP after redirects. A malicious or misconfigured feed server could issue a redirect to a private/internal address, potentially enabling SSRF. Ask the maintainer to either block redirects or validate the final resolved IP after redirects.
- The skill will fetch arbitrary HTTP/HTTPS URLs and create files under memory/podcasts. If you run agents in an environment with sensitive internal services, consider restricting outbound network access or running the agent in a network-isolated environment.
- Because the skill writes local files, back up any important data you keep under the memory directory and ensure file permissions are appropriate.
- If you need stronger guarantees, request or implement an additional check that validates the final request target (post-redirect) and/or enforces no-redirect behavior when probing feeds.
Overall the package is coherent and minimal, but review the redirect/SSRF edge case and run the bundled probe in a controlled environment if you have sensitive internal resources.
Capability Analysis
Type: OpenClaw Skill
Name: podcast-manager
Version: 1.0.0
The podcast-manager skill is well-implemented and includes proactive security measures. The 'scripts/feed_probe.py' utility features robust SSRF mitigation by validating resolved IP addresses against private and loopback ranges, and it protects against XXE and resource exhaustion by checking for suspicious XML patterns and enforcing a 5MB response limit. The 'SKILL.md' instructions are strictly aligned with the stated purpose and include explicit safety guidelines to prevent unauthorized actions or data exposure.
Capability Assessment
Purpose & Capability
Name and description (subscribe, track, summarize podcasts via public RSS) match the included instructions and the feed_probe helper. No unrelated environment variables, binaries, or config paths are requested.
Instruction Scope
SKILL.md restricts behavior to discovering/parsing public feeds and persisting local files under memory/podcasts; it warns against auto-subscribing and exposing private local paths. The included feed_probe.py implements safe parsing, size limits, and blocks private IP ranges. However, the probe resolves DNS before fetching and does not re-check the network location after redirects, which could allow a server to redirect to an internal address (redirect-based SSRF / TOCTOU). The SKILL.md does not explicitly require using the bundled script, so runtime behavior depends on how the agent is implemented.
Install Mechanism
No install spec; this is an instruction-only skill with a small bundled Python utility. Nothing is downloaded from external URLs during install and no system-wide changes are requested.
Credentials
No environment variables, credentials, or config paths are required. The skill operates on public feeds and local workspace files only, which is proportionate to its stated function.
Persistence & Privilege
always is false and the skill only writes/reads its own workspace files (memory/podcasts). It does not request persistent platform privileges or claim to modify other skills' configs.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install podcast-manager - After installation, invoke the skill by name or use
/podcast-manager - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release with hardened feed probe and DD-reviewed safety controls
Metadata
Frequently Asked Questions
What is Podcast Manager?
Find, subscribe to, track, and summarize podcast episodes using public RSS feeds and lightweight local tracking files. Use when a user asks to add/manage pod... It is an AI Agent Skill for Claude Code / OpenClaw, with 288 downloads so far.
How do I install Podcast Manager?
Run "/install podcast-manager" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Podcast Manager free?
Yes, Podcast Manager is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Podcast Manager support?
Podcast Manager is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Podcast Manager?
It is built and maintained by pp (@ppopen); the current version is v1.0.0.
More Skills