ClawFeed Review
Audited by ClawScan on May 10, 2026.
Overview
ClawFeed is documented as a news digest server, but its own API table shows unauthenticated write/configuration endpoints and the install instructions reference missing, unreviewed application files.
Review this carefully before installing or deploying. Do not expose the API server publicly until write and configuration endpoints are clearly authenticated, and do not run npm install/npm start unless you have the missing source files from a trusted source.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If deployed as documented, anyone who can reach the API could change the configuration or create digests without passing a clear authorization gate.
The documented API exposes write-capable operations with '-' in the Auth column, despite the skill also describing API_KEY protection for write APIs. Updating configuration and creating digests are mutation actions that need clear authentication and user control.
| POST | /api/digests | Create digest (internal) | - | ... | PUT | /api/config | Update configuration | - |
Require authentication or an API key for all write/configuration endpoints, document the exact access controls, and avoid exposing these endpoints through a reverse proxy until protections are verified.
A user may believe the skill is read-only and low-risk while deploying an API that can change server configuration.
The read-only framing conflicts with the same artifact documenting an unauthenticated configuration update endpoint, which could lead users to underestimate the service's mutation surface.
ClawFeed runs in **read-only mode** with zero credentials ... | PUT | /api/config | Update configuration | - |
Clarify which mode is truly read-only, mark write endpoints as protected, and explicitly warn users not to expose mutation endpoints without authentication.
Using the authentication features may involve Google OAuth credentials, session cookies, and write API secrets.
The skill documents optional OAuth, session, and API-key secrets for authentication and write features. These credentials are purpose-aligned, but users should note that the registry metadata declares no required environment variables and no primary credential.
`GOOGLE_CLIENT_ID` ... `GOOGLE_CLIENT_SECRET` ... `SESSION_SECRET` ... `API_KEY`
Only configure credentials needed for your deployment, keep secrets out of logs and shared files, and verify OAuth scopes and callback URLs before enabling auth features.
Users cannot verify from these artifacts what code or packages would actually be installed and run.
The skill asks for npm installation and startup and references a native dependency, but the provided artifact set contains only SKILL.md, with no package manifest, lockfile, source code, or install spec to review.
npm install ... npm start ... Runtime dependency: SQLite via `better-sqlite3` (native addon, bundled).
Install only from a trusted source repository or package, inspect package.json and lockfiles, and avoid running npm commands for this skill until the missing implementation files are available.
