← Back to Skills Marketplace
MONK-EYE Engine
by
balkanblbn
· GitHub ↗
· v1.0.0
529
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install monk-eye-engine
Description
Specialized skill that deeply searches and synthesizes insights from niche forums to deliver strategic reports based on human-to-human intelligence.
Usage Guidance
This skill aims to scrape and synthesize forum content, including many hacking/gray-hat forums. Before installing: (1) inspect and fix the hard-coded paths—oracle_engine.py points to a different skill folder (global-forum-oracle), which may read files outside this package or simply fail; (2) consider whether you want an agent that tries to 'follow internal links' and access possibly private/credentialed pages—decide and implement explicit guards; (3) run it in a sandboxed environment and restrict network access if you’re uncomfortable with scraping questionable forums; (4) if you will allow autonomous invocation, prefer limiting scope or adding explicit policies preventing attempts to access private resources or to use host credentials; (5) verify authorship and provenance (source is unknown) and prefer skills from verifiable maintainers.
Capability Analysis
Type: OpenClaw Skill
Name: monk-eye-engine
Version: 1.0.0
The skill is classified as suspicious due to two main vulnerabilities. First, `scripts/oracle_engine.py` hardcodes a path to `forums.json` within a *different* skill's directory (`/root/.openclaw/workspace/skills/global-forum-oracle/forums.json`), creating a dependency vulnerability where a compromised or malicious external skill could dictate search targets. Second, `scripts/oracle_engine.py` constructs search queries using unsanitized user input (`user_query`) in the format `site:{domain} {user_query}`. While the script only prints these queries, if a downstream component (like the OpenClaw agent or a search tool) executes these strings without proper sanitization, it could lead to command injection.
Capability Assessment
Purpose & Capability
The skill claims to crawl niche forums and synthesize reports; package.json lists requests/beautifulsoup4 and the scripts generate site: queries and log deep crawling—these align with the stated purpose. However, the included monitored forum list contains many forums associated with illicit/gray-hat activity (exploit.in, antichat, blackhatworld, spyhackerz, turkhackteam, wickedfire), which is consistent with the description but increases the risk that outputs may include wrongdoing-related content. Also the code hard-codes absolute workspace paths (see below), which is odd for a portable skill.
Instruction Scope
SKILL.md explicitly describes 'infiltration' and 'following internal links to private documentation' and the code prints that it's following 'internal links to private documentation'—this suggests behavior beyond passive search (attempting to access linked/private resources). The runtime instructions do not limit or authorize use of credentials, but the wording could lead an agent to attempt to access restricted pages or aggregate sensitive data. The oracle script generates many site: search tasks which would be submitted to a search/browser tool—there is no explicit safeguard about accessing private or credential-protected content.
Install Mechanism
There is no external install script or remote download; dependencies are standard Python libs (requests, beautifulsoup4) listed in package.json and SKILL.md tells the user to pip-install them. Being instruction-only with local files reduces install risk. No URLs or install extracts are present.
Credentials
The skill declares no required env vars or credentials (which is consistent), but the code uses absolute file paths under /root/.openclaw/workspace/skills/ — monk_eye_core.py reads its own config at /root/.openclaw/.../monk_eye_config.json (reasonable though non-portable), while oracle_engine.py points to /root/.openclaw/workspace/skills/global-forum-oracle/forums.json (a different skill path). That cross-skill absolute path is incoherent with the provided forums.json in this package and could cause the skill to read files belonging to other skills or to fail in non-root installs. This is a notable red flag for unauthorized file access or misconfiguration.
Persistence & Privilege
The skill is not marked always:true and does not request elevated runtime privileges. Model invocation is allowed (default), so it can run autonomously when triggered. Autonomous invocation combined with the cross-skill file path and the 'infiltration' wording increases potential blast radius, but by itself persistence/privilege settings are normal.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install monk-eye-engine - After installation, invoke the skill by name or use
/monk-eye-engine - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of the deep forum infiltration engine.
Metadata
Frequently Asked Questions
What is MONK-EYE Engine?
Specialized skill that deeply searches and synthesizes insights from niche forums to deliver strategic reports based on human-to-human intelligence. It is an AI Agent Skill for Claude Code / OpenClaw, with 529 downloads so far.
How do I install MONK-EYE Engine?
Run "/install monk-eye-engine" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is MONK-EYE Engine free?
Yes, MONK-EYE Engine is completely free (open-source). You can download, install and use it at no cost.
Which platforms does MONK-EYE Engine support?
MONK-EYE Engine is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created MONK-EYE Engine?
It is built and maintained by balkanblbn (@balkanblbn); the current version is v1.0.0.
More Skills