unclawg-feed

SUSPICIOUS. The business purpose is coherent, but the trust model is not: the skill requires an unverifiable uc_feed wrapper and forwards high-value OpenClaw machine credentials to it. That black-box dependency plus raw .env secret loading creates disproportionate supply-chain and credential-handling risk even though the API workflow itself appears aligned to approval routing.