← Back to Skills Marketplace
154
Downloads
0
Stars
0
Active Installs
7
Versions
Install in OpenClaw
/install viboscope
Description
Use this skill when the user wants to find people they'll click with — cofounders, project partners, mastermind groups, friends, or anyone — based on deep ps...
Usage Guidance
Before installing or running this skill, consider the following:
- It will read files from your current workspace (README, bios, git config, other files) and use conversation history to build a profile. Do not run it in repositories or folders containing secrets, private keys, or confidential data.
- It stores an API key on disk at data/.api_key (and suggests .env or project-root storage for IDEs). Storing credentials in project directories risks accidental commits — prefer a secure secrets store or a location ignored by git, and verify the file is not committed.
- The SKILL.md includes a self-update step that downloads a skill file into .claude/skills — this modifies agent files and could persist changes. If you allow that, review the downloaded file before executing it.
- Prefer running onboarding and profile-collection in a sanitized directory or in a web-chat context where you can control how keys are provided (the web flow requires manual saving of api_key).
- If you decide to proceed, ask the skill (or its author) to: (1) document exactly which workspace paths it will read, (2) avoid silent scanning of entire workspaces or at least request permission first, (3) recommend secure storage (and .gitignore) for api keys, and (4) avoid writing to global agent skill directories without explicit user approval.
Given these gaps between what the skill says it does and the amount of local access it requests, treat it as suspicious until you can confirm safe storage locations and explicit file-access behavior.
Capability Analysis
Type: OpenClaw Skill
Name: viboscope
Version: 4.0.0
The 'viboscope' skill bundle (v4.0.0) facilitates psychological matching by scanning local workspace files (git configs, READMEs, and project bios) and interacting with a remote API (viboscope.com). While the instructions in SKILL.md include security measures like XML-escaping untrusted data and protecting API keys, the skill possesses high-risk capabilities such as a self-update mechanism via curl and an 'autonomous mode' for chatting on the user's behalf. The 'silent' context gathering and the potential for broad data collection from the local environment, combined with remote update functionality, align with the criteria for a suspicious classification despite the lack of clear evidence of intentional malice.
Capability Assessment
Purpose & Capability
Matchmaking can legitimately use user-provided profile text and recent conversation context, but the skill explicitly instructs scanning the entire workspace (README, bios, git config) and platform profile data. That level of file access may be useful for richer profiles but is broader than the one-line description suggests and could expose unrelated sensitive data (secrets, private repo files).
Instruction Scope
SKILL.md directs the agent to 'gather context silently' by reading conversation history and arbitrary files in the current workspace (including git config and bios) and to store and read credentials from data/.api_key. These are explicit file I/O operations and silent data collection steps that expand the agent's scope beyond simply asking the user questions. The instruction to never show the API key but to read it from disk is also present; overall the instructions grant wide discretion to read and persist local data.
Install Mechanism
This is an instruction-only skill with no install spec or downloaded code, so there is no package install or remote binary execution specified. That lowers supply-chain risk. However, the skill instructs saving/updating a local skill file via curl to .claude/skills, which is a file-modification action (see persistence).
Credentials
The manifest declares no required environment variables, yet the runtime instructions require reading and writing a local API key file (data/.api_key) and recommend storing api_key or .env in project root for IDEs. Storing credentials in project directories (and reading arbitrary workspace files) is disproportionate and may lead to accidental leakage (e.g., committing secrets). No safeguards (e.g., recommend .gitignore) are mandated.
Persistence & Privilege
The skill will create and write files in the user's workspace (data/.api_key, data/profile.yaml) and suggests a self-update curl command that writes to .claude/skills/viboscope.md. Writing into agent skill directories or project roots gives it persistent presence and the ability to modify agent behavior or persist secrets, which increases risk beyond transient in-memory operations.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install viboscope - After installation, invoke the skill by name or use
/viboscope - Provide required inputs per the skill's parameter spec and get structured output
Version History
v4.0.0
North Star v1.0: 10 dimensions, 7 contexts, insufficient_data handling, invite links, sharing cards
v3.5.0
Strict onboarding for all platforms: MUST rules, one question at a time, 50% threshold
v3.4.0
Pagination fix, attachment/communication scoring, conversations detail, mentor legacy tags, limit docs
v3.3.0
P-1..P-9 fixes: field validation with names, interests Jaccard+synonyms, conversations fix, attachment scoring, role_diversity, CLWM->VIBS, mentor split, pagination docs
v3.2.0
QA bugfixes: VARCHAR sizes, field saving, structured errors, gender_filter, values inflation, CLWM->VIBS, POST /messages docs
v3.1.1
QA fixes: work_style keys sync, merge rules, completeness formula, gender filter, hackathon context, bipolar items, privacy rules
v3.1.0
Viboscope v3.1.0. Rebranded from ClawMatch. Progressive onboarding, 5 validated questionnaires, multi-language support, LLM anti-hallucination.
Metadata
Frequently Asked Questions
What is Viboscope?
Use this skill when the user wants to find people they'll click with — cofounders, project partners, mastermind groups, friends, or anyone — based on deep ps... It is an AI Agent Skill for Claude Code / OpenClaw, with 154 downloads so far.
How do I install Viboscope?
Run "/install viboscope" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Viboscope free?
Yes, Viboscope is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Viboscope support?
Viboscope is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Viboscope?
It is built and maintained by Lifegamer (@ivankoriako); the current version is v4.0.0.
More Skills