GARSS Studio RSS API

Pass. Audited by ClawScan on May 3, 2026.

Overview

This is a coherent RSS API helper, but it can log in to GARSS and start a local Docker stack, and it documents endpoints that can change RSS settings or subscriptions.

Install or use this skill if you trust the GARSS Studio project and need an agent to read RSS data through its API. Before use, confirm the base URL is local or otherwise trusted, keep the access code and Bearer token private, approve any Docker startup explicitly, and require confirmation before any subscription, category, or settings changes.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running this setup can change the local machine state and leave GARSS services running in the background.

Why it was flagged

The skill may have the agent download and build/run a local Docker development stack when live data is requested. This is disclosed and purpose-aligned, but it executes external project code and starts background containers.

Skill content

If the repository is not present, clone `https://github.com/zhaoolee/garss` first... `docker compose -f docker-compose.dev.yml up --build -d`

Recommendation

Only allow the Docker startup after confirming you trust the GARSS repository and want the local stack started; stop the containers when finished if you do not want them to persist.

What this means

Anyone with the access code or token could access protected GARSS endpoints for that service.

Why it was flagged

The skill authenticates with an access code and then uses a Bearer token for protected endpoints. This is expected for the GARSS API, and the skill also says not to expose tokens in final answers.

Skill content

`POST "$BASE_URL/api/auth/login"` ... `-d '{"accessCode":"banana"}'` ... `Authorization: Bearer <token>`

Recommendation

Use this only with a trusted GARSS base URL, replace the default local development access code for real deployments, and keep access codes and Bearer tokens private.

What this means

If used without care, the authenticated API could alter RSS subscriptions, categories, settings, or cached reader data.

Why it was flagged

The API reference documents endpoints that can create, update, or delete RSS subscriptions and change settings, even though the main skill workflow emphasizes reading and summarizing.

Skill content

`POST` `/api/subscriptions`; `PUT` `/api/subscriptions/{id}`; `DELETE` `/api/subscriptions/{id}` | Delete subscription and cached reader data; `PUT` `/api/settings`

Recommendation

Require clear user intent and confirmation before using any create, update, delete, or settings-changing endpoint.