← Back to Skills Marketplace
Trawl
by
audsmith28
· GitHub ↗
· v1.0.2
2002
Downloads
2
Stars
2
Active Installs
3
Versions
Install in OpenClaw
/install trawl
Description
Autonomous lead generation through agent social networks. Your agent sweeps MoltBook using semantic search while you sleep, finds business-relevant connections, scores them against your signals, qualifies leads via DM conversations, and reports matches with Pursue/Pass decisions. Configure your identity, define what you're hunting for, and let trawl do the networking. Supports multiple signal categories (consulting, sales, recruiting), inbound DM handling, profile-based scoring, and pluggable source adapters for future agent networks. Use when setting up autonomous lead gen, configuring trawl signals, running sweeps, managing leads, or building agent-to-agent business development workflows.
Usage Guidance
This skill appears to do what it says: it searches MoltBook, scores profiles, opens/approves DMs, and stores leads locally. Before installing, consider: 1) Ensure you trust the MoltBook API and supply only the MOLTBOOK_API_KEY (keep it in ~/.clawdbot/secrets.env as instructed). 2) Confirm you have the required CLI tools (curl, jq, bc, column and standard date utilities) or the scripts will fail — the metadata does not declare these dependencies. 3) Review config.json especially auto_approve_inbound (defaults to false) to avoid auto-accepting inbound DMs unintentionally. 4) The skill writes state to ~/.config/trawl and reads ~/.clawdbot/secrets.env — verify those paths and the files before running. 5) The source is listed as unknown and there's no homepage; if provenance matters, prefer packages with a known author or repository. If you want higher confidence, ask the publisher for a canonical repo or signed release and/or run the scripts in a disposable environment first.
Capability Analysis
Type: OpenClaw Skill
Name: trawl
Version: 1.0.2
The skill is classified as suspicious due to `jq` injection vulnerabilities found in `scripts/leads.sh` and `scripts/report.sh`. In both scripts, user-controlled filter variables (`STATE_FILTER`, `CAT_FILTER`) are directly interpolated into `jq` filter expressions without proper escaping (e.g., `select(.value.state == "$STATE_FILTER")`). This flaw could allow an attacker to inject arbitrary `jq` syntax, potentially leading to unauthorized disclosure or manipulation of data within the local `leads.json` or `last-sweep-report.json` files. While the external API interactions are handled more securely with URL encoding and safe JSON construction, this internal data processing vulnerability is a significant concern.
Capability Assessment
Purpose & Capability
The skill claims to operate on MoltBook and only requests MOLTBOOK_API_KEY — that matches expectations. One minor inconsistency: the metadata lists no required binaries, but the shipped scripts clearly expect command-line tools (curl, jq, bc, column, date utilities). Declaring those would be appropriate.
Instruction Scope
SKILL.md and the scripts stick to the described lead-gen workflow: reading config (~/.config/trawl), reading the secrets file (~/.clawdbot/secrets.env) for MOLTBOOK_API_KEY, calling MoltBook endpoints, sending DM requests, and writing local state files (leads.json, seen-posts.json, conversations.json, sweep logs). There are no hidden external endpoints or attempts to read unrelated system credentials in the instructions.
Install Mechanism
There is no install spec (instruction-only with bundled scripts). That is low-risk from an installer perspective. Note: running setup.sh/sweep.sh will create files under ~/.config/trawl and read ~/.clawdbot/secrets.env — expected behavior for this tool but it will write to your home directory.
Credentials
Only MOLTBOOK_API_KEY is required and is justified by the MoltBook API usage. The scripts only read the declared secret (from the secrets.env path the README asks you to use) and local config files; they do not request unrelated cloud or platform credentials.
Persistence & Privilege
The skill does not request always:true and does not attempt to modify other skills or system-wide agent settings. It persists its own local state under ~/.config/trawl, which is appropriate for its stated function.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install trawl - After installation, invoke the skill by name or use
/trawl - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
v1.0.2: Removed personal data from example config
v1.0.1
Security fix: metadata.clawdbot.requires.env declaration + defensive secrets loading
v1.0.0
Initial release: MoltBook semantic sweep, profile scoring, DM qualifying pipeline, inbound lead handling, category-filtered reports
Metadata
Frequently Asked Questions
What is Trawl?
Autonomous lead generation through agent social networks. Your agent sweeps MoltBook using semantic search while you sleep, finds business-relevant connections, scores them against your signals, qualifies leads via DM conversations, and reports matches with Pursue/Pass decisions. Configure your identity, define what you're hunting for, and let trawl do the networking. Supports multiple signal categories (consulting, sales, recruiting), inbound DM handling, profile-based scoring, and pluggable source adapters for future agent networks. Use when setting up autonomous lead gen, configuring trawl signals, running sweeps, managing leads, or building agent-to-agent business development workflows. It is an AI Agent Skill for Claude Code / OpenClaw, with 2002 downloads so far.
How do I install Trawl?
Run "/install trawl" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Trawl free?
Yes, Trawl is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Trawl support?
Trawl is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Trawl?
It is built and maintained by audsmith28 (@audsmith28); the current version is v1.0.2.
More Skills