Is davidk2yoyo/noticias-cangrejo safe?
https://github.com/openclaw/skills/tree/main/skills/davidk2yoyo/noticias-cangrejo
noticias-cangrejo is a dependency-free Python skill that fetches news articles from the GNews API and renders a Markdown digest. The SKILL.md contains no prompt injection, the source code performs no suspicious filesystem reads or unexpected network calls, and all canary files remained intact throughout the audit. The only notable concerns are a credential hygiene issue (API key in URL parameter), a write-anywhere capability via --output, and sloppy packaging (developer's lock.json bundled in the release).
Findings (4)
LOW (-9): API key transmitted as URL query parameter
The GNEWS_API_KEY environment variable is appended to the HTTP request URL as a ?apikey= query parameter. Credentials carried in the query string are routinely captured in proxy, web-server and shell-history logs, which is the credential hygiene concern noted in the summary.
LOW (-6): --output flag allows writes to arbitrary filesystem paths
The CLI exposes an --output parameter that opens the caller-supplied path for writing with no path sanitization. If an agent is manipulated into passing a sensitive path (e.g., ~/.ssh/authorized_keys), the skill would overwrite it with Markdown content. This is a documented feature but represents a write-anywhere capability if the invoking agent is compromised or confused.
INFO (-10): Skill directory contains .clawhub/lock.json referencing an unrelated skill
The distributed skill package includes .clawhub/lock.json which records academic-research-hub v0.1.0 as an installed dependency. This file belongs to the developer's local OpenClaw workspace and should not be part of the published skill. It reveals information about the developer's environment but poses no active security risk.
INFO (-12): OpenClaw gateway maintains persistent outbound connections to AWS
Post-install connection diff shows openclaw-gateway (pid=1093) holding two established TCP connections to 54.211.197.216:443 (AWS EC2). These connections are attributable to the OpenClaw platform infrastructure, not to the skill. Documented for transparency.