daily.dev
ReviewAudited by ClawScan on May 1, 2026.
Overview
This is a coherent daily.dev API guide, but it uses a daily.dev API token and can change personalized feeds, bookmarks, or profile details when directed.
Use this skill if you are comfortable giving an agent a daily.dev API token. Keep the token secure, ensure it is only used with api.daily.dev, and require confirmation before the agent creates feeds, follows or blocks tags, updates bookmarks, or changes your daily.dev profile.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent with the token may access personalized daily.dev content and potentially perform allowed API actions on the user's account.
The skill requires a bearer token tied to the user's daily.dev account. This is expected for the integration and the artifact gives appropriate handling guidance, but it is still sensitive account access.
**CRITICAL:** Your API token grants access to personalized content. Protect it: - **NEVER send your token to any domain other than `api.daily.dev`**
Use a dedicated token if possible, store it securely, send it only to api.daily.dev, and rotate it if it may have been exposed.
The agent could change the user's daily.dev recommendations, bookmarks, or public/profile information if the user authorizes those workflows.
The documented API workflows include persistent account mutations such as following tags, creating feeds, updating profile stack, and editing the profile bio. These are purpose-aligned, but should remain user-approved.
Auto-follow matching tags via `/feeds/filters/tags/follow` ... Populate their stack via `POST /profile/stack/` ... Update `/profile/` bio
Ask for a preview and explicit confirmation before any POST or profile/feed/bookmark update, especially before changing public profile fields.
Private or sensitive project details could influence daily.dev profile or feed settings if the agent scans repositories too broadly.
The skill suggests deriving context from GitHub/project activity and storing or reflecting it in daily.dev personalization and profile data. This is aligned with personalization, but can persist project-derived information beyond the immediate task.
Scan a user's GitHub repositories to detect their actual tech stack ... Create a custom feed tuned to their stack ... Update `/profile/` bio based on their primary technologies and contributions
Limit scanning to repositories and files the user approves, avoid copying private project details into profile text, and confirm what will be stored in daily.dev.