Briefed
Review
Audited by ClawScan on May 10, 2026.
Overview
Briefed mostly matches its Gmail newsletter-reader purpose, but Review is warranted because its local reader serves saved email bodies through an unauthenticated web API that may be reachable beyond localhost.
Install only if you are comfortable granting read-only Gmail access, sending newsletter content to the configured model provider, and running a local reader. Before enabling daily cron or LaunchAgent persistence, bind the server to 127.0.0.1 or add authentication, protect the Gmail token file, and review the stored interest/notes files.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the reader port is reachable from another device or process, someone could read stored newsletter email bodies or alter notes and interest signals.
The server exposes API routes that return full email bodies and accept note writes, and the server setup shown has no authentication middleware and no explicit localhost-only bind.
app.get('/api/story/:id', ... res.json({ id: story.id, body: story.body || '' }); ... app.post('/api/note', ... writeNotes(notes); ... app.listen(PORT, () => { ... http://localhost:${PORT} ... });
Bind the server to 127.0.0.1, add a local auth token or similar protection, and avoid exposing port 3001 on a network.
The token allows future read-only Gmail API access, and anyone who can read the token file may be able to access Gmail data within that scope.
The skill creates a persistent local OAuth token with Gmail read-only scope, which is expected for this integration but remains sensitive credential material.
TOKEN_FILE = os.environ.get('BRIEFED_GMAIL_TOKEN_FILE', os.path.expanduser('~/.openclaw/workspace/briefed-gmail-token.json')) ... SCOPES = ['https://www.googleapis.com/auth/gmail.readonly'] ... token.write(creds.to_json())
Use the minimum Gmail scope, protect the token file, and revoke the OAuth grant if you stop using the skill.
A malicious or compromised newsletter could try to influence the digest output or the agent's behavior during the scheduled summary run.
The scheduled model reads email-derived newsletter snippets as context; the prompt limits file writes, but newsletters are untrusted content that could contain prompt-injection attempts.
Read: ~/.openclaw/workspace/newsletter-inbox.json ... Use the snippet field to write real summaries ... For each newsletter, write to only this file: ~/.openclaw/workspace/newsletter-today.json.
Add explicit instructions to treat email content as data, ignore instructions inside newsletters, and validate the generated JSON before downstream use.
Briefed may keep running at login and fetch/process Gmail newsletters daily until the LaunchAgent or cron job is removed.
The artifacts document optional auto-start and scheduled daily operation; this is aligned with a daily digest but creates ongoing background behavior.
LaunchAgent is optional convenience for auto-start ... <key>RunAtLoad</key><true/> ... <key>KeepAlive</key><true/> ... Create the daily cron job
Only enable persistence if you want daily automation, and keep the unload/remove commands handy.
Users could be confused into installing or authorizing a tool that is not clearly part of the reviewed runtime path.
The README references an external OAuth CLI, while the SKILL/code path uses Google OAuth client JSON and Python Google auth libraries; this is a setup/provenance clarity issue rather than direct malicious behavior.
- [gog (gogcli)](https://github.com/openclaw/gogcli) — Gmail OAuth CLI ... Authenticate Gmail with `gog auth login`
Follow one verified setup path, prefer the code-backed OAuth flow described in SKILL.md, and avoid granting Gmail access to unexpected tools.
Your reading behavior and notes become a persistent local profile, and incorrect or manipulated signals could skew future digests.
The skill intentionally stores persistent interest signals and notes that can influence future ranking and personalization.
Tracks your interests over time based on what you open and upvote
Review or delete the interest and notes files periodically if you do not want this profile retained.
