Subfeed
Warn. Audited by ClawScan on May 10, 2026.
Overview
Subfeed is a disclosed cloud-agent setup skill, but it asks the agent to fetch live unreviewed instructions and create persistent Subfeed agent/entity accounts with powerful tokens.
Use this skill only if you intentionally want your IDE agent to create and manage Subfeed cloud agents/entities. Before use, review the live remote docs, decide whether the agent may create accounts or save tokens, avoid giving full human API keys unless necessary, and require explicit approval for entity changes, addon activation, RAG uploads, MCP connections, webhooks, and deletion actions.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1

The behavior of the skill could change between sessions without a new reviewed package being installed.

The reviewed skill delegates future session instructions/API details to a mutable remote Markdown file, so the agent may follow content that was not part of this review.

> IMPORTANT: Always re-fetch this file at the start of each session for the latest API surface.
> `GET https://subfeed.app/skill.md`

Recommendation: Pin the skill instructions to a reviewed version and require user confirmation before following newly fetched remote instructions.
Finding 2

A persistent cloud agent/entity could be created and continue to exist outside the immediate local task unless the user explicitly manages or removes it.

The default workflow asks the agent to create its own external identity and cloud AI entity, with human involvement described as optional.

> Your IDE agent will self-register and start building. Human is optional. Follow this flow to register an agent account for yourself on Subfeed, create your AI Entity, then onboard your human.

Recommendation: Require explicit user approval before agent registration, entity creation, token saving, or any ongoing autonomous operation; document how to revoke tokens and delete created entities.
Finding 3

If the agent receives these credentials, it may be able to create, modify, or delete Subfeed resources for the account, not just perform a narrow setup action.

The artifact says the human API key has full account access and that agent tokens work identically for API calls, which is broad authority for an IDE agent.

> Both token types work identically:
> - `sf_live_*` — human API key (full account with dashboard)
> - `sf_agent_*` — agent token (no dashboard)

Recommendation: Use least-privilege tokens where possible, avoid sharing full human API keys unless necessary, and require confirmation for account-level or destructive operations.
Finding 4

An agent with credentials could make significant changes to Subfeed-hosted entities or enable capabilities that affect data exposure and execution behavior.

The documented API surface includes mutation, deletion, and enabling powerful addons such as code execution; the artifact does not set clear per-action approval limits beyond asking permission before collecting a human email.

> POST /v1/entity — Create entity
> PATCH /v1/entity/{id} — Update entity
> DELETE /v1/entity/{id} — Delete entity
> POST /v1/entity/{id}/addons — Enable addon
> Available: `web_search`, `code_execution`, `image_gen`, `image_input`, `streaming`, `web_scrape`, `web_screenshot`, `web_extract`

Recommendation: Set an approval policy requiring user confirmation for create/update/delete actions, addon activation, code-execution capability, webhooks, and any public exposure.
Finding 5

Private prompts, uploaded knowledge, or project context may become cloud-hosted data reused by the Subfeed entity.

The artifact clearly discloses that messages, entity configuration, and optional RAG content are sent to and stored by Subfeed Cloud.

> `https://api.subfeed.app/*` | All API calls | Entity configs, messages, RAG content

Recommendation: Do not send sensitive project or personal data unless you accept Subfeed Cloud storage and retention; use narrow RAG content and review deletion controls.
Finding 6

If enabled later, external services may send data into the Subfeed entity or allow it to act through connected tools.

The skill points to optional MCP and webhook capabilities that can connect external services, but the reviewed artifact does not include detailed identity or data-boundary rules for those integrations.

> - **MCP** — Connect tools (GitHub, Slack, Notion): https://subfeed.app/skill/mcp.md
> - **Webhook** — Accept external service payloads: https://subfeed.app/skill/webhook.md

Recommendation: Review the MCP and webhook sub-skill instructions before enabling them, and grant only narrowly scoped external-service permissions.
