Back to plugin

Security audit

PANews Agent Toolkit

Security checks across malware telemetry and agentic risk

Overview

Prompt-injection indicators were detected in the submitted artifacts (unicode-control-chars); human review is required before treating this skill as clean.

This appears reasonable for reading PANews content and managing PANews creator articles. Before installing, understand that the creator portion can use your PANews session to modify account content; provide that session only when needed, review destructive or publishing-related actions, and install from the expected PANews source. ClawScan detected prompt-injection indicators (unicode-control-chars), so this skill requires review even though the model response was benign.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access, suspicious.obfuscated_code

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
skills/panews-creator/scripts/cli.mjs:13
Evidence
`),process.exit(1)}}const de=`https://universal-api.panewslab.com`;async function fe(e,t={}){let{lang:n,session:r,method:i=`GET`,body:a}=t,o={"Content-Type":`ap...

Potential obfuscated payload detected.

Warn
Code
suspicious.obfuscated_code
Location
skills/panews-creator/scripts/cli.mjs:17
Evidence
`)}},open:{value:function(){this.documentElement=null}},close:{value:function(){this.readyState=`interactive`,this._dispatchEvent(new c(`readystatechange`),!0),...

Potential obfuscated payload detected.

Warn
Code
suspicious.obfuscated_code
Location
skills/panews/scripts/cli.mjs:19
Evidence
`)}},open:{value:function(){this.documentElement=null}},close:{value:function(){this.readyState=`interactive`,this._dispatchEvent(new c(`readystatechange`),!0),...