Security audit
FeedNest
Security checks across malware telemetry and agentic risk
Overview
The plugin's code, instructions, and requested configuration (a FeedNest API key) are consistent with its stated purpose of integrating FeedNest into OpenClaw; nothing requests unrelated secrets or system access.
This plugin appears coherent and implements FeedNest API methods as advertised. Before installing: (1) Be prepared to provide a FeedNest Pro API key (sensitive — store in OpenClaw config); (2) Leave write and AI tools un-allowlisted unless you explicitly want the agent to perform actions like marking articles read, saving URLs, creating tags, or generating audio; enable only the specific tools you trust; (3) Note that extract_article may fetch original article URLs (network access to external sites) — this is expected but worth being aware of; (4) Confirm you trust the FeedNest service and the package source (repository/homepage) and that the API key can be rotated/revoked if needed; (5) If you are concerned about autonomous agent actions, restrict the plugin in your agent's allow list and require manual invocation for write/AI tools.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
