← Back to Skills Marketplace
yaooooooooooooooo

Scout

by yaooooooooooooooo · GitHub ↗ · v1.0.2
cross-platform ⚠ suspicious
1342
Downloads
0
Stars
8
Active Installs
2
Versions
Install in OpenClaw
/install scout
Description
Agent trust intelligence for Moltbook and x402 Bazaar. Use when you need to check if an agent or service is trustworthy before paying, compare agents side-by-side, scan feeds for quality agents, or make trust-gated USDC payments. Answers the question "should I pay this agent?" with research-backed scoring across 6 dimensions.
Usage Guidance
What to consider before installing or running Scout: - Metadata mismatch: The registry metadata claims no required env vars/binaries, but SKILL.md and the code require Node/npm and a MOLTBOOK_API_KEY (and optionally a SCOUT_PRIVATE_KEY for payments). Treat the SKILL.md/code as authoritative and do NOT assume no secrets are needed. - Sensitive credentials: MOLTBOOK_API_KEY is required for almost every script and grants read/write access to Moltbook endpoints (the DM bot posts replies). Only provide this key if you trust the code and run it in a controlled environment. SCOUT_PRIVATE_KEY is a private wallet key — only supply a throwaway/dedicated payment key with limited funds and permissions, never your primary wallet key. - Prefer the hosted API when possible: Using the public API at https://scoutscore.ai avoids giving this environment your Moltbook API key or private key. If you only need a quick score, call the remote API rather than running local scripts. - Inspect and sandbox: If you plan to run local scripts, review the scripts that will run (dm-bot, api-server, safe-pay). Run them in a sandboxed environment or container, with network access restricted if you don't want outgoing requests. Be aware that the dm-bot will read and send DMs using the provided API key. - Use dry-run and limited keys: For payment testing, use the --dry-run option and a testnet wallet with only small amounts. Consider creating a Moltbook API key with minimal permissions if the platform supports it. - Verify provenance: The SKILL.md links to scoutscore.ai and a GitHub repo, but the package/demo pages include an oddly truncated GitHub CTA (possible mismatch). Try to find the canonical project repo and confirm the publisher before trusting secrets to this code. If you want, I can list the exact files and lines that require MOLTBOOK_API_KEY and SCOUT_PRIVATE_KEY, or suggest a safe checklist and a sandbox command set to run the scripts with minimal risk.
Capability Analysis
Type: OpenClaw Skill Name: scout Version: 1.0.2 The skill bundle is classified as suspicious due to its inherent high-risk capabilities, specifically the handling of a `SCOUT_PRIVATE_KEY` for initiating on-chain USDC transactions via `scripts/safe-pay.js` and `scripts/lib/usdc.js`. While these actions are explicitly aligned with the stated purpose of 'trust-gated USDC payments,' the direct management of private keys and execution of financial transactions constitutes a significant risk. Additionally, the skill performs extensive external network calls to various blockchain explorers (e.g., `api-sepolia.basescan.org`, `api.etherscan.io`) and the Moltbook API (`moltbook.com`) for data collection and analysis, which, though necessary for its functionality, broadens its attack surface. There is no clear evidence of intentional malicious behavior such as unauthorized data exfiltration, persistence, or prompt injection against the OpenClaw agent in the `SKILL.md`.
Capability Assessment
Purpose & Capability
The skill claims to be an 'agent trust intelligence' tool and the code implements Moltbook scoring, graph/on‑chain analysis, DM replying, and trust‑gated USDC payments — these capabilities are coherent with the description. However the registry metadata lists no required environment variables or binaries, while the SKILL.md and the code require a MOLTBOOK_API_KEY (and optionally SCOUT_PRIVATE_KEY for payments) and expect Node/npm to run the scripts. That mismatch between declared metadata and the actual runtime requirements is inconsistent and could mislead users about what secrets and runtime are needed.
Instruction Scope
SKILL.md shows two usage modes: (1) calling the public API at scoutscore.ai (no secrets) and (2) running local Node scripts that call Moltbook endpoints, read/write temporary files (/tmp/*.json), scan feeds, reply to DMs, and perform deep analysis including optional on‑chain wallet analysis. The instructions direct the agent/operator to provide MOLTBOOK_API_KEY and, for payments, a private key. The local scripts will post to Moltbook API endpoints and (if provided) use a wallet key to sign/send USDC. There is no instruction to exfiltrate data to unknown/personal endpoints, but the DM bot will read and send messages using the provided API key — a sensitive action that should be explicitly consented to.
Install Mechanism
There is no formal install spec in the registry (the skill is labelled instruction-only), but the repository contains package.json and package-lock.json with dependencies (ethers, @neondatabase/serverless, etc.). Running the local scripts will require Node and installing npm packages; the metadata did not declare Node or an install step. The npm packages are from the public registry (no suspicious direct downloads), but the absence of an install instruction and missing declared binaries is an inconsistency users should be aware of.
Credentials
The code and SKILL.md require MOLTBOOK_API_KEY for Moltbook access and optionally a SCOUT_PRIVATE_KEY (wallet private key) for making USDC payments. Those credentials are proportionate to the advertised features (scoring, DM replies, and trust‑gated payments). However the registry metadata advertised 'Required env vars: none', which is incorrect. Requesting a raw private key (SCOUT_PRIVATE_KEY) is particularly sensitive — acceptable if the user intends to let the skill sign/send funds, but risky if users provide their primary wallet key without isolating it or using a dedicated payment key.
Persistence & Privilege
The skill is not always-included and doesn't request unusual platform privileges. But several included components (api-server, dm-bot, safe-pay) are capable of autonomous actions when run: the DM bot reads unread messages and posts replies via the Moltbook API; the API server exposes endpoints and would require the API key to operate; safe-pay can sign/send payments if given a private key. Those runtime capabilities increase impact if secrets are provided or the scripts are run in an environment with network access — this is expected functionality but users should be explicit about where and when they run those components.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install scout
  3. After installation, invoke the skill by name or use /scout
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
Cleaned up: removed duplicate files and unrelated scripts
v1.0.0
Scout 1.0.0 – Agent trust intelligence tools for Moltbook and x402 Bazaar - Initial release with API and script-based tools to assess and compare agent trustworthiness. - Provides research-backed scoring across 6 trust dimensions, with explanations. - Features trust-gated USDC payments, agent feed scanning, and DM response bot for trust reports. - Detailed documentation on commands, trust levels, and environment variables included.
Metadata
Slug scout
Version 1.0.2
License
All-time Installs 8
Active Installs 8
Total Versions 2
Frequently Asked Questions

What is Scout?

Agent trust intelligence for Moltbook and x402 Bazaar. Use when you need to check if an agent or service is trustworthy before paying, compare agents side-by-side, scan feeds for quality agents, or make trust-gated USDC payments. Answers the question "should I pay this agent?" with research-backed scoring across 6 dimensions. It is an AI Agent Skill for Claude Code / OpenClaw, with 1342 downloads so far.

How do I install Scout?

Run "/install scout" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Scout free?

Yes, Scout is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Scout support?

Scout is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Scout?

It is built and maintained by yaooooooooooooooo (@yaooooooooooooooo); the current version is v1.0.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments