ai-news-aggregator-sl
Aggregates AI and tech news from various sources, generates editorial digests, and posts them to Discord, customizable by topic.
Install this skill
Security score
The ai-news-aggregator-sl skill was audited on May 14, 2026 and we found 25 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Webhook reference - potential data exfiltration
| 18 | - DISCORD_WEBHOOK_URL # Required: Discord channel webhook to post results |
Webhook reference - potential data exfiltration
| 49 | | `https://discord.com/api/webhooks/...` | Post digest to Discord | Always (required) | |
Webhook reference - potential data exfiltration
| 72 | - "Test my Discord webhook" |
Webhook reference - potential data exfiltration
| 80 | | `DISCORD_WEBHOOK_URL` | ✅ Always | Discord → Channel Settings → Integrations → Webhooks → Copy URL | |
Webhook reference - potential data exfiltration
| 131 | [[ -n "$DISCORD_WEBHOOK_URL" ]] && echo "DISCORD_WEBHOOK_URL: set" || echo "DISCORD_WEBHOOK_URL: MISSING" |
Webhook reference - potential data exfiltration
| 137 | openclaw config set env.DISCORD_WEBHOOK_URL '<url>' |
Webhook reference - potential data exfiltration
| 177 | | "test Discord" / "test webhook" | `--test-discord` | |
Webhook reference - potential data exfiltration
| 209 | # Test webhook connection |
Access to hidden dotfiles in home directory
| 109 | SKILL_DIR=$(ls -d ~/.openclaw/skills/ai-news-aggregator-sl 2>/dev/null || ls -d ~/.openclaw/skills/news-aggregator 2>/dev/null) |
Access to .env file
| 125 | Env vars are passed automatically by OpenClaw from its config. No `.env` file is needed. |
External URL reference
| 48 | | `https://api.deepseek.com/chat/completions` | AI editorial summarisation | Always (required) | |
External URL reference
| 49 | | `https://discord.com/api/webhooks/...` | Post digest to Discord | Always (required) | |
External URL reference
| 50 | | `https://techcrunch.com/.../feed/` | RSS news (AI topic) | Default AI topic only | |
External URL reference
| 51 | | `https://www.theverge.com/rss/...` | RSS news (AI topic) | Default AI topic only | |
External URL reference
| 52 | | `https://www.nytimes.com/svc/collections/...` | RSS news (AI topic) | Default AI topic only | |
External URL reference
| 53 | | `https://api.tavily.com/search` | Custom topic news search | Only if `TAVILY_API_KEY` set | |
External URL reference
| 54 | | `https://api.twitterapi.io/twitter/tweet/advanced_search` | Twitter search | Only if `TWITTERAPI_IO_KEY` set | |
External URL reference
| 55 | | `https://www.googleapis.com/youtube/v3/...` | YouTube search | Only if `YOUTUBE_API_KEY` set | |
External URL reference
| 57 | The script does **not** contact OpenAI endpoints. The `openai` package is used solely as an HTTP client pointed at `https://api.deepseek.com`. `OPENAI_API_KEY` is explicitly removed from the environme |
External URL reference
| 81 | | `DEEPSEEK_API_KEY` | If using DeepSeek (default) | [platform.deepseek.com/api_keys](https://platform.deepseek.com/api_keys) | |
External URL reference
| 82 | | `OPENAI_API_KEY` | If using OpenAI | [platform.openai.com/api-keys](https://platform.openai.com/api-keys) | |
External URL reference
| 83 | | `ANTHROPIC_API_KEY` | If using Claude | [console.anthropic.com](https://console.anthropic.com) → API Keys | |
External URL reference
| 84 | | `TAVILY_API_KEY` | For custom topics | [app.tavily.com](https://app.tavily.com) | |
External URL reference
| 85 | | `TWITTERAPI_IO_KEY` | Optional | [twitterapi.io](https://twitterapi.io) | |
External URL reference
| 86 | | `YOUTUBE_API_KEY` | Optional | [console.cloud.google.com](https://console.cloud.google.com) → YouTube Data API v3 | |