Security News Feed

Collects and summarizes Korean security news hourly from 11 sources using Gemini API, then publishes to Notion and optionally to Tistory blog.

What to consider before installing or running this skill: - Credentials: The skill actually requires several secrets (Gemini/LLM API keys, Notion API key and database IDs, optional Tistory token, Slack webhook). The registry listing said none — do NOT assume no secrets are needed. Create dedicated, least-privilege API tokens (separate integration accounts) if you proceed. - External repo: SKILL.md asks you to git clone https://github.com/rebugui/OpenClaw.git and run it. The skill package itself already contains many files. Cloning and running an external repository increases risk (arbitrary code). Prefer to audit the included code instead of blindly cloning a third-party repo. - .env location: Several scripts load a .env from your home directory path (~/.openclaw/workspace/.env). That may cause the skill to read other tokens you keep there. Do not place sensitive or unrelated credentials in that file, or run the code in an isolated environment. - Browser profile / Selenium: The code references CHROME_USER_DATA_DIR and CHROME_PROFILE_NAME to reuse a Chrome profile for automation. Pointing this to your real browser profile would expose cookies and logged-in sessions (high risk). If you need Selenium, use a fresh, dedicated profile directory or prefer API-based publishing (Tistory API) rather than Selenium automation. - Network & data flow: The skill will fetch many external sites and send content to LLM and publishing endpoints (Gemini/Notion/Tistory). Audit what content you allow to be uploaded to LLM services and where summaries are published. Consider sanitizing content if you have sensitive internal URLs in the feed. - Prompt-injection artifact: SKILL.md contained unicode-control-chars flagged as potential prompt-injection. Avoid running any component that auto-submits untrusted text to LLMs without review. Inspect SKILL.md and prompt templates in modules/prompts/* before use. - Recommended mitigations: run in an isolated VM/container, inspect (or diff) the included code files before executing, do not point CHROME_USER_DATA_DIR to your real browser profile, create minimal-scope API tokens for Notion/Tistory/LLM, and if possible test with network access restricted until you are confident of behavior. If you are not comfortable auditing the code, avoid installing the skill or only run the parts that do not require external credentials.

Type: OpenClaw Skill Name: security-news-feed Version: 1.0.1 The security-news-feed skill bundle is a legitimate and well-structured tool designed to aggregate, summarize, and publish security news from various Korean and international sources. It utilizes Selenium (in `tistory_handler.py`) and subprocess calls to `curl` (in `skshieldus.py`) to interact with web interfaces and legacy SSL configurations, which are consistent with its stated purpose of automated news collection and publishing. While the code handles sensitive API keys and includes options to disable SSL verification for development or compatibility, these behaviors are documented with warnings and lack evidence of malicious intent or unauthorized data exfiltration.