Briefed
v1.1.2Set up and run a personal AI newsletter intelligence system called Briefed. Fetches Gmail newsletters daily, uses Claude Haiku to extract article summaries,...
⭐ 1· 382·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill asks only for a Google OAuth client secret (BRIEFED_GMAIL_CLIENT_SECRET) and optionally a token file and account name—all appropriate for a Gmail-readonly newsletter fetcher. Node/Python runtime requirements and the included scripts match the described functionality. The README's mention of a separate 'gog' CLI is an incidental recommendation, not a required secret.
Instruction Scope
SKILL.md instructs the agent to run the included Python fetchers, write/read a small set of workspace JSON/MD files, and run the local Express reader. The instructions explicitly limit external endpoints (model provider and a user-chosen notification channel). The code implements only Gmail API calls and local file operations; there are no unexpected network calls or instructions to read unrelated system files.
Install Mechanism
There is no remote download or opaque install step; the skill is instruction-only and ships its code in the skill bundle. Dependencies are installed with pip/npm locally per SKILL.md. No suspicious external URLs, shorteners, or extraction from arbitrary servers are used.
Credentials
Only BRIEFED_GMAIL_CLIENT_SECRET is required, with BRIEFED_GMAIL_TOKEN_FILE and NEWSLETTER_ACCOUNT optional—this is proportional to needing Gmail OAuth. The token file used is stored locally under the workspace. No unrelated credentials (AWS, other API keys, secrets) are requested.
Persistence & Privilege
The skill does not set always:true and does not auto-enable persistent system-wide privileges. However, SKILL.md documents optional persistence (macOS LaunchAgent and a daily cron via OpenClaw). If the user enables those, the stored OAuth token will allow ongoing Gmail read access until revoked. This is expected for a persistently running newsletter fetcher but worth explicit user attention.
Assessment
This package appears to be what it says: a local newsletter fetcher + reader. Before installing, consider: 1) The BRIEFED_GMAIL_CLIENT_SECRET points to your Google OAuth client JSON and the first run will produce a reusable token file (default ~/.openclaw/workspace/briefed-gmail-token.json). That token grants read access to your Gmail (gmail.readonly) until revoked—ensure you trust the environment and restrict file permissions. 2) The skill recommends (but does not automatically create) persistent launch (LaunchAgent / cron). Only enable those if you want automatic daily access. 3) The skill relies on OpenClaw's model provider (claude-haiku) to summarise content; check your OpenClaw / model provider privacy policy because newsletter content will be sent to the configured model provider. 4) The bundle contains duplicated scripts (in assets/reader/scripts and top-level scripts); review the scripts if you want extra assurance. 5) If you have sensitive newsletters, consider running this against a separate Gmail account or carefully inspect and restrict the OAuth client scopes. If you want, revoke the refresh token from Google or delete the token file to stop future access.Like a lobster shell, security has layers — review code before you run it.
digestvk971d5a5ba1d22sg9txdacferd825wf2gmailvk971d5a5ba1d22sg9txdacferd825wf2latestvk971d5a5ba1d22sg9txdacferd825wf2newslettervk971d5a5ba1d22sg9txdacferd825wf2productivityvk971d5a5ba1d22sg9txdacferd825wf2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
EnvBRIEFED_GMAIL_CLIENT_SECRET