Back to plugin

Security audit

FeedNest

Security checks across malware telemetry and agentic risk

Overview

The plugin's code, instructions, and requested configuration (a FeedNest API key) are consistent with its stated purpose of integrating FeedNest into OpenClaw; nothing requests unrelated secrets or system access.

This plugin appears coherent and implements FeedNest API methods as advertised. Before installing: (1) Be prepared to provide a FeedNest Pro API key (sensitive — store in OpenClaw config); (2) Leave write and AI tools un-allowlisted unless you explicitly want the agent to perform actions like marking articles read, saving URLs, creating tags, or generating audio; enable only the specific tools you trust; (3) Note that extract_article may fetch original article URLs (network access to external sites) — this is expected but worth being aware of; (4) Confirm you trust the FeedNest service and the package source (repository/homepage) and that the API key can be rotated/revoked if needed; (5) If you are concerned about autonomous agent actions, restrict the plugin in your agent's allow list and require manual invocation for write/AI tools.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.