Purefeed
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: purefeed Version: 0.11.0 The purefeed skill bundle provides a standard interface for interacting with the purefeed.ai API to monitor and organize Twitter/X content. It uses bash/curl to perform legitimate API operations such as managing signals and folders, with no evidence of malicious intent, data exfiltration, or prompt injection attacks.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could change or remove Purefeed signals or bookmark organization if the user asks it to use those workflows.
The skill uses bash/curl to call API endpoints, including destructive account operations. This is disclosed and aligned with managing signals/folders, but users should explicitly approve mutations and deletions.
allowed-tools: ["bash"] ... | DELETE | /signals/:id | Delete signal (irreversible) |
Use the skill for read-only searches unless you intentionally want it to create, update, or delete signals or folders; confirm destructive operations before they run.
Anyone or any agent action using this key can access the Purefeed API permissions associated with that key.
The skill requires a bearer API key for the user's Purefeed account. This is expected for the service integration, with no evidence of credential logging or unrelated use.
**Auth:** `Authorization: Bearer $PUREFEED_API_KEY`
Use a dedicated, revocable Purefeed API key with the least permissions available, and rotate it if it is exposed.
A created signal may keep monitoring and processing matches until the user disables or deletes it.
Creating a signal can establish ongoing scheduled monitoring in Purefeed. This persistence is central to the stated monitoring purpose, but users should know it continues after setup.
`POST /signals` — create signal with name + description + tags + color + cron + timezone (auto-activates)
Review new signal settings, cron/timezone, and active status after creation, and disable or delete monitors you no longer want.