Clawfeed
Warn. Audited by ClawScan on May 10, 2026.
Overview
ClawFeed mostly matches the described news-digest server, but it needs review because the artifacts show a possible hardcoded Google OAuth secret and document unauthenticated write/config endpoints.
Review before installing. Do not expose this server publicly until write/config endpoints are confirmed to require authentication, remove and rotate any hardcoded OAuth or Bearer secrets, set your own SESSION_SECRET/API_KEY/OAuth values, and remember that RSS/JSON feed URLs may publish digest contents.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A deployed instance could accidentally use someone else’s OAuth credential, and any real committed secret should be considered exposed.
The static scan reports a hardcoded secret-like value used before an environment value for Google OAuth. OAuth client secrets are privileged credentials and should not be embedded in distributable code.
const GOOGLE_CLIENT_SECRET = [REDACTED] || process.[REDACTED];
Remove the hardcoded secret, rotate any exposed Google OAuth credential, require user-provided env vars for OAuth, and declare the credential requirements in registry metadata.
If the server is exposed as documented, an unauthenticated caller may be able to create content or change configuration.
The skill documents mutation endpoints, including digest creation and configuration updates, with no authentication, despite also stating that API_KEY protects write APIs.
| POST | /api/digests | Create digest (internal) | - | ... | PUT | /api/config | Update configuration | - |
Require API-key or user authentication for all write/configuration endpoints, document the auth requirements consistently, and avoid exposing the API publicly until this is verified.
Installing and starting the skill runs local Node packages and a server process on the machine.
The skill requires local package installation and starting a Node API server. This is expected for the stated web-dashboard purpose, but it executes local code and native dependencies.
npm install ... npm start ... Runtime dependency: SQLite via `better-sqlite3` (native addon, bundled).
Review package sources/lockfile, run with least privilege, and bind or reverse-proxy the server only as intended.
Anyone who knows a feed slug may be able to read that user’s digest feed.
The app stores and republishes digest summaries through unauthenticated per-user feed URLs. This is a disclosed feature, but it can expose reading/source interests if users treat digests as private.
`GET` | `/feed/:slug` | User's digest feed (HTML) | - ... `/feed/:slug.json` ... `/feed/:slug.rss`
Use only public-safe sources for public feeds, or add access controls/private feed tokens for personal or sensitive digests.
