v1.1.2

Briefed

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 6:06 AM.

Analysis

Briefed is a coherent Gmail newsletter reader, but its local web server appears to serve stored email content over unauthenticated HTTP and does not bind explicitly to localhost.

Guidance: Review this skill before installing. If you use it, keep Gmail access read-only, protect the OAuth token file and revoke the grant when you stop using the skill, and change the reader server to bind only to 127.0.0.1 and require authentication before enabling persistent auto-start or running it on shared or untrusted networks.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Rogue Agents
Severity: Low | Confidence: High | Status: Note
SKILL.md
LaunchAgent is optional convenience for auto-start ... <key>RunAtLoad</key><true/> ... <key>KeepAlive</key><true/>

The artifact provides an optional macOS LaunchAgent that keeps the reader running automatically; it is disclosed and user-directed, not hidden.

User impact: If enabled, the reader keeps running after login and continues serving the local API until it is disabled.
Recommendation: Only enable the LaunchAgent and daily cron job if you want ongoing background operation; unload the LaunchAgent and remove the cron jobs when uninstalling.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
Gmail access is **read-only** (`gmail.readonly`). OAuth token is stored locally at `~/.openclaw/workspace/briefed-gmail-token.json`

The skill requires Gmail OAuth access and stores a reusable token; this is disclosed and read-only, but it is still sensitive account access.

User impact: Anyone who can read the token file can read Gmail data within the granted scope.
Recommendation: Use the read-only Gmail scope only, keep the token file readable by your account alone, and revoke the OAuth grant if you stop using the skill.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: High | Confidence: High | Status: Concern
assets/reader/server.js
app.get('/api/story/:id', ... res.json({ id: story.id, body: story.body || '' }); ... app.listen(PORT, () => { console.log(`📰 Newsletter Reader running at http://localhost:${PORT}`); })

The server returns stored email bodies through an HTTP endpoint and is started with only a port number; the artifacts show neither authentication on the API nor an explicit 127.0.0.1/localhost bind. In Node (and therefore Express), `listen(PORT)` with no host argument accepts connections on every interface, so the service is reachable from the network rather than only from the local browser.

User impact: Private newsletter contents and saved reading data could be reachable by other local processes or by network users if the service is exposed beyond the intended browser session.
Recommendation: Bind the server explicitly to 127.0.0.1, require an access token or other authentication on the API endpoints, and avoid running it persistently on untrusted networks.
Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
README.md
Tracks your interests over time based on what you open and upvote

The skill persistently records reading behavior, notes, and interest signals for later use; this is purpose-aligned but privacy-sensitive.

User impact: The skill builds a local profile of which newsletters and topics you engage with.
Recommendation: Review and periodically delete the workspace files if you do not want a long-term interest history retained.