Skillv0.1.0

ClawScan security

Clawfeed · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewMar 5, 2026, 5:35 AM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code and runtime instructions mostly match a news-digest web service, but the registry metadata, install/credential declarations, and LLM/invocation expectations are inconsistent or incomplete — review before installing or running.
Guidance: What to check before installing/running ClawFeed: - Metadata vs code: The registry claims an 'instruction-only' skill with no env vars, but the repository contains a runnable Node server and DB migrations. Treat this as a small web app you will be starting locally (not just a prompt file). - Secrets required: SKILL.md expects GOOGLE_CLIENT_ID/GOOGLE_CLIENT_SECRET, SESSION_SECRET, and API_KEY for write endpoints. Do not supply these credentials to the skill unless you trust the source. The registry omitted these — ask the publisher why. - LLM / external API ambiguity: The docs describe AI summarization but do not list which LLM provider or API keys (OpenAI, Anthropic, self-hosted) are used. Inspect src/server.mjs and code paths that perform summarization to see whether the app makes outbound calls and to which hosts before running. - Network exposure & persistence: npm start will run a server (default port 8767) and create a local SQLite DB. Run it in an isolated environment (container, VM) and bind it to localhost only if you do not want it reachable from the network. - Native build: better-sqlite3 is a native addon; npm install will compile / download binaries. Ensure build tools are acceptable in your environment. - Review code: Because full source is included, scan src/server.mjs and src/db.mjs for any hidden outbound endpoints, telemetry, or code that reads unexpected config paths. Look for any hard-coded URLs/webhooks (e.g., feedback webhook) before providing credentials. If you want higher confidence: request the publisher to update registry metadata to declare required env vars and an install spec, and to document the LLM/provider used. If you cannot audit the code, run the service in a container/VM and restrict network access until you confirm behavior.

Review Dimensions

Purpose & Capability: concernThe name/description and SKILL.md describe a web service that generates digests from Twitter/RSS (expected). However the registry metadata claims 'instruction-only' with no required env vars, while the bundled repository contains a full Node API server (src/server.mjs, src/db.mjs) and runtime instructions that require npm install and env configuration. That mismatch (registry saying 'no env vars / instruction-only' vs. repository containing runnable server code and env vars) is incoherent and worth caution.
Instruction Scope: noteSKILL.md instructs the agent/user to run npm install, copy .env.example, set GOOGLE_CLIENT_ID/GOOGLE_CLIENT_SECRET/SESSION_SECRET/API_KEY and start the server — all appropriate for a web dashboard. The instructions do not ask the agent to read unrelated system files. However SKILL.md describes AI summarization (LLM usage) and no LLM API key or provider env var is declared; it's unclear how summarization is performed (local model vs external API). This ambiguity increases risk because running the service may cause unexpected outbound LLM/API calls.
Install Mechanism: concernRegistry lists no install spec (instruction-only), but the package includes a full Node app and expects 'npm install' (native addon better-sqlite3). There is no remote download of arbitrary archives, which is good, but the lack of an install spec in the registry (despite substantial code) is inconsistent and means the agent/platform may not be aware this skill will compile native modules and spawn a networked server if the user follows SKILL.md.
Credentials: concernSKILL.md lists multiple secrets (GOOGLE_CLIENT_ID/SECRET, SESSION_SECRET, API_KEY, AI_DIGEST_DB path, ALLOWED_ORIGINS). The registry metadata shows 'required env vars: none' and 'primary credential: none' — a clear mismatch. The declared env vars are plausible for the app, but the registry omission could mislead users or automated installers about what secrets will be requested. Also the instructions don't declare any LLM/third-party API keys despite describing an AI summarization pipeline, which is an important omission to clarify.
Persistence & Privilege: noteThe skill does not request always:true and is user-invocable (normal). Running the skill as instructed will start a persistent server (npm start) and create/modify a local SQLite DB (data/digest.db by default). That persistence is expected for a web service, but users should be aware the skill will open network ports and write local data if installed and started.