← Back to Skills Marketplace
Scout
by
Indigo Karasu
· GitHub ↗
· v2.3.0
· MIT-0
402
Downloads
1
Stars
2
Active Installs
3
Versions
Install in OpenClaw
/install ocas-scout
Description
Structured OSINT research on people, companies, and organizations. Use when the user wants a provenance-backed brief, entity resolution across public sources...
Usage Guidance
What to check before installing or enabling this skill:
- Confirm origin: the SKILL.md points to a GitHub repo (indigokarasu/scout). Review that repository yourself to verify the code and to confirm how (or whether) the cron self-update and scout.init behaviors are implemented. An instruction-only bundle here cannot actually register cron jobs itself unless the platform or a fetched repo does so.
- Ask the author to clarify declared filesystem permissions: SKILL.md says Scout will write Signal files to ~/openclaw/db/ocas-elephas/intake/, but skill.json only lists read/write for ~/openclaw/data/ocas-scout/ and ~/openclaw/journals/ocas-scout/. If the skill will place files in Elephas' intake directory, that write access should be declared and you should consent to cross-skill writes.
- Be cautious about persistence/self-update: the skill claims to register a nightly self-update cron job. Decide if you want an auto-updating skill (it changes behavior over time). If you allow updates, verify the update source (the GitHub repo and release mechanism) and whether updates are signed/verified.
- Data handling and privacy: Scout will store research results and journals locally and emit Signal files (which may contain PII) to an intake directory. Confirm retention settings (default retention: 90 days) and where backups or exports go. Ensure you understand and approve these local writes before use.
- Tier 3 paid sources: do not enable paid-source escalation without explicit policy and credential handling controls. The skill claims Tier 3 requires a PermissionGrant; verify the implementation enforces that hard stop.
- If you cannot inspect the upstream repo, treat this as higher risk: avoid enabling self-update and cross-skill writes until provenance and implementation details are verified.
If the author can confirm and correct the declared filesystem permissions and explain exactly how/where cron registration and self-updates occur (and you inspect the upstream code), the remaining concerns are addressable.
Capability Analysis
Type: OpenClaw Skill
Name: ocas-scout
Version: 2.3.0
The skill implements a high-risk self-update mechanism (scout.update) in SKILL.md that uses shell commands to download, extract, and overwrite its own code from a remote GitHub repository. It also automatically establishes persistence by registering a daily cron job to execute this update. While these features are documented as part of the tool's lifecycle management, the combination of self-modifying code, automated remote execution, and cross-directory writes to other skill databases (~/openclaw/db/ocas-elephas/) constitutes a significant security risk without further sandboxing.
Capability Assessment
Purpose & Capability
Name, description, and runtime instructions consistently describe an OSINT research skill (tiered source waterfall, provenance, minimization, journaling, and emitting structured Signal files). Requested permissions (local data and journal storage) are appropriate for a research skill.
Instruction Scope
SKILL.md instructs the agent to emit Signal files into another skill's intake path (~/openclaw/db/ocas-elephas/intake/...), and to register a nightly cron self-update job via scout.init. The skill.json filesystem declares read/write only for data and journals, not the Elephas intake or cron configuration. Writing signals into another skill's directory and registering cron jobs are side effects that extend scope and should be explicitly declared and consented to.
Install Mechanism
This is an instruction-only skill with no install spec or code files (lowest install risk). However SKILL.md/README mention self-update and include an 'install' call (openclaw skill install https://github.com/indigokarasu/scout) and claim scout.init will register a cron job — behaviors that imply install-time or privileged actions but have no implementation bundled here. That mismatch should be clarified.
Credentials
No environment variables or credentials are required up-front. Tier 3 paid sources are explicitly gated behind recorded PermissionGrant and config flags, which is proportionate. No unrelated credentials are requested.
Persistence & Privilege
Skill.json grants local data/journal read-write and storage layout shows local retention. The README and SKILL.md additionally claim automatic daily self-update (cron) and ongoing signal emission to Elephas. Automatic self-updates and cron registration increase persistence and attack surface yet are not reflected in an install script here — this is a privilege mismatch worth clarifying before enabling.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install ocas-scout - After installation, invoke the skill by name or use
/ocas-scout - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.3.0
ocas-scout 2.3.0 — Adds initialization routine, automatic self-update, and GitHub source referencing.
- Introduces `scout.init` to set up storage, data files, output folders, and cron jobs on first use.
- Adds `scout.update` command for automatic self-update from GitHub; now includes source and install instructions in metadata.
- Signals are now always emitted to Elephas for confirmed entities/relationships with new schema and path requirements.
- Skill metadata expanded: includes trigger phrases, usage reminders, and enhanced initialization guidance.
- Documentation updates: clearer output requirements, background task schedules, and setup steps.
v2.0.0
- Added support for research journaling with the new `scout.journal` command; outputs an Observation/Research Journal at end of every run.
- Introduced references/journal.md describing journal outputs and guidance.
- Updated storage layout to include per-run journals under ~/openclaw/journals/ocas-scout/.
- Expanded skill interface section: clarified inter-skill connections, especially optional Signal emission for Elephas.
- Config json and workflow descriptions updated for tier controls, retention, and output format management.
- Clarified skill boundaries, OKRs, and responsibility, improving guidance for lawful, provenance-backed OSINT research.
v1.1.1
- Expanded documentation detailing lawful OSINT research workflow, escalation tiers, and provenance requirements.
- Clarified core promise, invariants, and strict constraints for source usage and privacy.
- Added explicit input contract, research workflow steps, and output requirements.
- Described config options for source tiering, retention, and brief formatting.
- Included file map and directory structure for supporting references and outputs.
- Provided validation rules to enforce legality, provenance, and minimization at each stage.
Metadata
Frequently Asked Questions
What is Scout?
Structured OSINT research on people, companies, and organizations. Use when the user wants a provenance-backed brief, entity resolution across public sources... It is an AI Agent Skill for Claude Code / OpenClaw, with 402 downloads so far.
How do I install Scout?
Run "/install ocas-scout" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Scout free?
Yes, Scout is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Scout support?
Scout is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Scout?
It is built and maintained by Indigo Karasu (@indigokarasu); the current version is v2.3.0.
More Skills