Blogwatcher
PassAudited by ClawScan on May 1, 2026.
Overview
Blogwatcher is a coherent, purpose-aligned CLI skill for tracking RSS/blog updates, with the main thing to notice being that it installs the external Go tool using an unpinned latest version.
This skill appears safe for its stated purpose. Before installing, consider whether you are comfortable installing the external blogwatcher Go CLI from GitHub using @latest; pin a version if you need stricter supply-chain control.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing with @latest may fetch a newer version of the blogwatcher CLI than the one implicitly expected when the skill was published.
The skill installs an external Go CLI using the moving @latest version. This is purpose-aligned, but users should be aware the reviewed artifact does not pin the exact dependency version.
Go: `go install github.com/Hyaxia/blogwatcher/cmd/blogwatcher@latest`
If reproducibility matters, install a specific trusted version of the blogwatcher module instead of @latest.