jcools1977

ConvoYield

by John DeVere Cooley · GitHub ↗ · v1.0.0
macos · linux · windows · ⚠ suspicious
Downloads: 406 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw
/install opencrawl
Description
Conversational Yield Optimization Engine — treats every bot conversation as a yield-bearing financial instrument. Five zero-cost engines detect sentiment arb...
Usage Guidance
This package is inconsistent with its README/skill metadata: it advertises 'zero dependencies' and 'local-only', yet contains a cloud server, telemetry that can POST analytics, Stripe/billing hooks, and code that will create a local DB. Before installing or running:
  1. Inspect convoyield/__init__.py and orchestrator to see whether telemetry is instantiated automatically; search the repo for uses of the Telemetry class and for outbound network calls (urllib.request.urlopen / Request).
  2. Do not run 'server' on a public host without auditing env vars (STRIPE_*, DATABASE_URL) and confirming you want a locally hosted API and dashboard.
  3. Run in an isolated environment (fresh venv or container) and avoid supplying secrets (Stripe keys, DB credentials) until you understand billing behavior.
  4. If you only want the local analyzer, search for and disable telemetry (look for Telemetry(...) calls or an ENABLE_TELEMETRY toggle) or modify code to prevent any network calls.
  5. If possible, ask the author or check the repo README for explicit notes about telemetry defaults and the intended offline mode.
These steps will reduce the risk of accidental data transmission or unwanted persistent resources.
Capability Analysis
Type: OpenClaw Skill
Name: opencrawl
Version: 1.0.0
The skill bundle is classified as suspicious due to significant discrepancies between its advertised capabilities and its actual implementation, constituting a form of prompt injection against the AI agent. The `SKILL.md` and `README.md` explicitly claim 'Zero external dependencies' and 'Zero API calls', yet the code includes a full 'ConvoYield Cloud' API server (`cloud/server.py`) with external dependencies (FastAPI, Uvicorn, Pydantic, Psycopg2, Stripe) and a telemetry client (`cloud/telemetry.py`) that sends 'anonymized yield data' (business intelligence derived from conversations) to a configurable endpoint, including an API key. Furthermore, a P2P networking stack (`convoyield/coin/network/node.py`) is present, enabling arbitrary network connections, which is completely undisclosed in the documentation. The local server and configurable webhook functionality also introduce potential risks for SSRF or data exfiltration if the agent is instructed to run these components with malicious parameters.
Capability Assessment
Purpose & Capability
SKILL.md promises 'Zero external dependencies', 'Zero API calls', and purely local analysis, but the repository contains a FastAPI cloud server, Stripe billing integration, PostgreSQL client code (psycopg2), a telemetry phone‑home module, and other subsystems (web dashboard, webhooks, ConvoCoin/token code). Those components are not necessary for a simple local conversation analyzer and contradict the advertised 'zero infrastructure' claim.
Instruction Scope
The runtime instructions (SKILL.md) instruct local use, but the codebase includes a telemetry sender that can POST aggregated analytics to a server, a CLI that can register API keys with a server, and a cloud server that stores telemetry and manages keys and billing. SKILL.md does not disclose these network/db/billing behaviors or when/if telemetry is enabled, creating scope creep and potential data exfiltration risk if the telemetry is used.
Install Mechanism
There is no install spec (instruction-only from the registry), which reduces installer risk. However, the repository contains many Python modules that import optional third‑party packages (fastapi, stripe, psycopg2, uvicorn). Running server/CLI features will require installing those packages and may write files to disk (e.g., ~/.convoyield/analytics.db). No external download URLs or archive extraction were found in the install metadata.
Credentials
The skill declares no required env vars, but code references multiple environment variables (DATABASE_URL, CONVOYIELD_DB, STRIPE_SECRET_KEY, STRIPE_WEBHOOK_SECRET, STRIPE_PRICE_*, BASE_URL, etc.). Those env vars permit database connections and billing/payment configuration; requesting or using them is disproportionate to the SKILL.md claim of a self-contained local analyzer and is not documented in the SKILL.md metadata.
Persistence & Privilege
The skill does not set always:true and is user-invocable (normal). Still, runtime components can create persistent state (SQLite at ~/.convoyield/analytics.db by default), run an HTTP server exposing endpoints, and manage API keys/billing. Running the CLI/server will open network ports and create local persistent data which increases blast radius if misconfigured; this is not documented in SKILL.md.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install opencrawl
  3. After installation, invoke the skill by name or use /opencrawl
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Slug: opencrawl
Version: 1.0.0
License:
All-time Installs: 0
Active Installs: 0
Total Versions: 1
Frequently Asked Questions

What is ConvoYield?

Conversational Yield Optimization Engine — treats every bot conversation as a yield-bearing financial instrument. Five zero-cost engines detect sentiment arb... It is an AI Agent Skill for Claude Code / OpenClaw, with 406 downloads so far.

How do I install ConvoYield?

Run "/install opencrawl" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is ConvoYield free?

Yes, ConvoYield is completely free (open-source). You can download, install and use it at no cost.

Which platforms does ConvoYield support?

ConvoYield is cross-platform and runs anywhere OpenClaw / Claude Code is available (macOS, Linux, Windows).

Who created ConvoYield?

It is built and maintained by John DeVere Cooley (@jcools1977); the current version is v1.0.0.
