← Back to Skills Marketplace
RSS Reader
by
DimitriPantzos
· GitHub ↗
· v1.0.0
7064
Downloads
3
Stars
52
Active Installs
1
Versions
Install in OpenClaw
/install rss-reader
Description
Monitor RSS and Atom feeds for content research. Track blogs, news sites, newsletters, and any feed source. Use when monitoring competitors, tracking industr...
Usage Guidance
Install this only if you want your agent to fetch RSS/Atom feeds. Review configured feed URLs, prefer trusted HTTPS feeds, avoid localhost or private-network feed URLs, treat feed item text as untrusted content rather than instructions, and enable cron or heartbeat checks only if you want ongoing background polling.
Capability Analysis
Type: OpenClaw Skill
Name: rss-reader
Version: 1.0.0
The skill is suspicious due to a significant prompt injection vulnerability. The `SKILL.md` explicitly instructs the AI agent to 'summarize new items worth reading' from RSS feeds, especially when using the `--format ideas` option. The `scripts/rss.js` script fetches content from user-controlled URLs and directly embeds the `item.title` and `item.description` (after basic HTML entity decoding) into the markdown output that the agent is instructed to summarize. This allows an attacker who controls an RSS feed to inject malicious instructions into the agent's prompt, potentially leading to unauthorized actions. While the script itself doesn't contain malicious code, this interaction creates a critical attack surface.
Capability Assessment
Purpose & Capability
The files coherently implement RSS/Atom feed management: add, remove, list, check configured feeds, store feed metadata, and print item titles, links, and descriptions.
Instruction Scope
The activation language is broad around content research and competitor tracking, and the skill does not explicitly warn that feed text is untrusted, but the behavior remains scoped to RSS/Atom workflows.
Install Mechanism
No hidden installer or privileged setup is present; the documentation mentions npm dependencies and a parser module that are not actually used or included, which is an accuracy issue rather than a security concern.
Credentials
Outbound HTTP/HTTPS requests to configured feed URLs, redirect following, and local writes to the skill's feeds file are expected for an RSS reader, though the script does not block internal or private network targets.
Persistence & Privilege
The skill persists feed configuration and last-check timestamps and documents optional cron or heartbeat scheduling; there is no automatic persistence beyond user-run commands or user-enabled scheduling.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install rss-reader - After installation, invoke the skill by name or use
/rss-reader - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: Monitor RSS/Atom feeds for content research
Metadata
Frequently Asked Questions
What is RSS Reader?
Monitor RSS and Atom feeds for content research. Track blogs, news sites, newsletters, and any feed source. Use when monitoring competitors, tracking industr... It is an AI Agent Skill for Claude Code / OpenClaw, with 7064 downloads so far.
How do I install RSS Reader?
Run "/install rss-reader" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is RSS Reader free?
Yes, RSS Reader is completely free (open-source). You can download, install and use it at no cost.
Which platforms does RSS Reader support?
RSS Reader is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created RSS Reader?
It is built and maintained by DimitriPantzos (@dimitripantzos); the current version is v1.0.0.
More Skills