GARSS Studio RSS API
PassAudited by VirusTotal on May 3, 2026.
Overview
Type: OpenClaw Skill Name: garss-studio-rss-api Version: 1.0.0 The skill provides a legitimate interface for an AI agent to interact with the GARSS Studio RSS API. It includes instructions for local service startup via Docker and standard REST API interactions for reading and managing RSS feeds. The instructions are well-defined and aligned with the stated purpose of managing a self-hosted RSS reader instance (https://github.com/zhaoolee/garss).
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running this setup can change the local machine state and leave GARSS services running in the background.
The skill may have the agent download and build/run a local Docker development stack when live data is requested. This is disclosed and purpose-aligned, but it executes external project code and starts background containers.
If the repository is not present, clone `https://github.com/zhaoolee/garss` first... `docker compose -f docker-compose.dev.yml up --build -d`
Only allow the Docker startup after confirming you trust the GARSS repository and want the local stack started; stop the containers when finished if you do not want them to persist.
Anyone with the access code or token could access protected GARSS endpoints for that service.
The skill authenticates with an access code and then uses a Bearer token for protected endpoints. This is expected for the GARSS API, and the skill also says not to expose tokens in final answers.
`POST "$BASE_URL/api/auth/login"` ... `-d '{"accessCode":"banana"}'` ... `Authorization: Bearer <token>`Use this only with a trusted GARSS base URL, replace the default local development access code for real deployments, and keep access codes and Bearer tokens private.
If used without care, the authenticated API could alter RSS subscriptions, categories, settings, or cached reader data.
The API reference documents endpoints that can create, update, or delete RSS subscriptions and change settings, even though the main skill workflow emphasizes reading and summarizing.
`POST` `/api/subscriptions`; `PUT` `/api/subscriptions/{id}`; `DELETE` `/api/subscriptions/{id}` | Delete subscription and cached reader data; `PUT` `/api/settings`Require clear user intent and confirmation before using any create, update, delete, or settings-changing endpoint.