← Back to Skills Marketplace
AI Opportunity Scout
by
avnikulin35
· GitHub ↗
· v1.0.0
451
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install opportunity-scout
Description
Find profitable business opportunities in any niche by scanning Twitter, web, Reddit, and Product Hunt for unmet needs and pain points. Scores each opportuni...
Usage Guidance
What to consider before installing: 1) The scoring script is benign and local-only — it just formats and ranks opportunities. 2) SKILL.md tells the agent to run external CLIs (notably 'bird' for Twitter and 'clawdhub') via shell exec; those tools typically require installation and stored credentials. The skill does not declare those prerequisites or any credential requirements, so the agent may try to use whatever local CLI config/tokens exist (which could expose or use your account). 3) If you plan to use this skill: verify what 'bird' and 'clawdhub' binaries do on your system, confirm where they read credentials from, and only run the skill in an environment where you trust those CLI configs. Alternatively, ask the skill to use authenticated API keys you control or to rely only on web_search queries (no exec). 4) Because the skill's source and homepage are unknown, exercise caution with network-enabled operations and prefer running it in a sandboxed agent or reviewing/limiting what tools the agent may exec.
Capability Analysis
Type: OpenClaw Skill
Name: opportunity-scout
Version: 1.0.0
The skill bundle is classified as suspicious due to the potential for shell injection. The `SKILL.md` instructs the AI agent to execute external commands (`bird search` and `clawdhub search`) via `exec`, passing user-controlled input (`[niche]`) directly into these commands. If the `bird` or `clawdhub` tools, or the agent's `exec` mechanism, do not properly sanitize this input, a malicious user could craft a `niche` string to execute arbitrary shell commands. This represents a significant vulnerability, even though the skill itself does not demonstrate explicit malicious intent like data exfiltration or backdoor installation.
Capability Assessment
Purpose & Capability
The name/description and the included scoring script are coherent for an 'opportunity scout'. However SKILL.md tells the agent to run external CLIs (bird, clawdhub) and use web_search/Reddit/ProductHunt. The skill declares no required binaries, no install steps, and requests no credentials — yet the instructions assume availability of tools that normally require installation and stored credentials. That omission is an inconsistency that could cause the agent to use local CLI configs or fail unexpectedly.
Instruction Scope
Instructions focus on web/Twitter/Product Hunt/Reddit searches and scoring, which is within stated scope. However the SKILL.md explicitly instructs exec of 'bird' (Twitter CLI) and 'clawdhub' which are shell commands that will perform network calls and may read local CLI config (tokens). The skill does not instruct reading arbitrary local files or env vars, but execing CLIs can implicitly access local credentials/config — the instructions should document this behavior and required credentials.
Install Mechanism
No install spec is provided (instruction-only plus a small scoring script). That is lowest-risk from an installation/extraction perspective. The included Python script is straightforward and local-only (scoring/report generation) with no hidden network calls, obfuscation, or extraction behavior.
Credentials
The skill declares no required environment variables or credentials, yet it attempts to query services (Twitter) via a CLI that typically requires authentication. This is disproportionate: either credentials should be declared (and scoped) or instructions should use unauthenticated web_search calls. The implicit reliance on local CLI-auth (which may use stored tokens) is a privacy/credential risk that is not documented.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and contains no code that persists or escalates privileges. It appears to run only when invoked.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install opportunity-scout - After installation, invoke the skill by name or use
/opportunity-scout - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: scan Twitter/web/Reddit for business opportunities, score by 4 criteria, generate ranked report
Metadata
Frequently Asked Questions
What is AI Opportunity Scout?
Find profitable business opportunities in any niche by scanning Twitter, web, Reddit, and Product Hunt for unmet needs and pain points. Scores each opportuni... It is an AI Agent Skill for Claude Code / OpenClaw, with 451 downloads so far.
How do I install AI Opportunity Scout?
Run "/install opportunity-scout" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is AI Opportunity Scout free?
Yes, AI Opportunity Scout is completely free (open-source). You can download, install and use it at no cost.
Which platforms does AI Opportunity Scout support?
AI Opportunity Scout is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created AI Opportunity Scout?
It is built and maintained by avnikulin35 (@avnikulin35); the current version is v1.0.0.
More Skills