Is rssaurus safe?

https://clawhub.ai/justinburdett/rssaurus

85
SAFE

The rssaurus skill is a clean, documentation-only skill that provides CLI usage instructions for the RSSaurus RSS reader. It contains no executable code, no install scripts, no git hooks, and no malicious prompt injection patterns. The primary risk is the implicit trust placed in the externally-installed rssaurus Go binary, whose behavior cannot be verified from the skill alone. Filesystem events during installation are attributable to the OpenClaw runtime rather than the skill itself.

Category Scores

Prompt Injection 90/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 80/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 75/100 · 5%

Findings (6)

MEDIUM Installation process accessed sensitive files -15

During installation, monitoring detected reads of /home/oc-exec/.env, /home/oc-exec/.aws/credentials, and OpenClaw config files. These accesses appear to come from the OpenClaw agent runtime rather than the skill itself, as the skill contains no executable code.

MEDIUM Skill interacts with external service via opaque CLI binary -10

The skill instructs the agent to use a pre-compiled Go binary that communicates with rssaurus.com. The binary's internal behavior cannot be verified from the skill contents alone.

LOW Privacy directive suppresses config file display -5

The skill instructs the agent to never display the RSSaurus config file, which is a reasonable privacy measure but constitutes a behavioral override.

LOW Reliance on external binary creates trust dependency -15

The skill's functionality depends entirely on a separately-installed Go binary. Users must trust both the skill and the binary.

LOW Bulk mark-read could cause unintended data changes -10

The mark-read --all command could mark all items as read if the agent misinterprets a user request.

LOW Open command accepts arbitrary URLs -5

The rssaurus open command could be used to open arbitrary URLs, which could be exploited if feed items contain malicious links.