← 返回 Skills 市场

Scout

Name: Scout
Author: indigokarasu

作者 Indigo Karasu · GitHub ↗ · v2.3.0 · MIT-0

cross-platform ⚠ suspicious

402

总下载

当前安装

版本数

在 OpenClaw 中安装

/install ocas-scout

功能描述

Structured OSINT research on people, companies, and organizations. Use when the user wants a provenance-backed brief, entity resolution across public sources...

安全使用建议

What to check before installing or enabling this skill: - Confirm origin: the SKILL.md points to a GitHub repo (indigokarasu/scout). Review that repository yourself to verify the code and to confirm how (or whether) the cron self-update and scout.init behaviors are implemented. An instruction-only bundle here cannot actually register cron jobs itself unless the platform or a fetched repo does so. - Ask the author to clarify declared filesystem permissions: SKILL.md says Scout will write Signal files to ~/openclaw/db/ocas-elephas/intake/, but skill.json only lists read/write for ~/openclaw/data/ocas-scout/ and ~/openclaw/journals/ocas-scout/. If the skill will place files in Elephas' intake directory, that write access should be declared and you should consent to cross-skill writes. - Be cautious about persistence/self-update: the skill claims to register a nightly self-update cron job. Decide if you want an auto-updating skill (it changes behavior over time). If you allow updates, verify the update source (the GitHub repo and release mechanism) and whether updates are signed/verified. - Data handling and privacy: Scout will store research results and journals locally and emit Signal files (which may contain PII) to an intake directory. Confirm retention settings (default retention: 90 days) and where backups or exports go. Ensure you understand and approve these local writes before use. - Tier 3 paid sources: do not enable paid-source escalation without explicit policy and credential handling controls. The skill claims Tier 3 requires a PermissionGrant; verify the implementation enforces that hard stop. - If you cannot inspect the upstream repo, treat this as higher risk: avoid enabling self-update and cross-skill writes until provenance and implementation details are verified. If the author can confirm and correct the declared filesystem permissions and explain exactly how/where cron registration and self-updates occur (and you inspect the upstream code), the remaining concerns are addressable.

功能分析

Type: OpenClaw Skill Name: ocas-scout Version: 2.3.0 The skill implements a high-risk self-update mechanism (scout.update) in SKILL.md that uses shell commands to download, extract, and overwrite its own code from a remote GitHub repository. It also automatically establishes persistence by registering a daily cron job to execute this update. While these features are documented as part of the tool's lifecycle management, the combination of self-modifying code, automated remote execution, and cross-directory writes to other skill databases (~/openclaw/db/ocas-elephas/) constitutes a significant security risk without further sandboxing.

能力评估

✓ Purpose & Capability

Name, description, and runtime instructions consistently describe an OSINT research skill (tiered source waterfall, provenance, minimization, journaling, and emitting structured Signal files). Requested permissions (local data and journal storage) are appropriate for a research skill.

⚠ Instruction Scope

SKILL.md instructs the agent to emit Signal files into another skill's intake path (~/openclaw/db/ocas-elephas/intake/...), and to register a nightly cron self-update job via scout.init. The skill.json filesystem declares read/write only for data and journals, not the Elephas intake or cron configuration. Writing signals into another skill's directory and registering cron jobs are side effects that extend scope and should be explicitly declared and consented to.

ℹ Install Mechanism

This is an instruction-only skill with no install spec or code files (lowest install risk). However SKILL.md/README mention self-update and include an 'install' call (openclaw skill install https://github.com/indigokarasu/scout) and claim scout.init will register a cron job — behaviors that imply install-time or privileged actions but have no implementation bundled here. That mismatch should be clarified.

✓ Credentials

No environment variables or credentials are required up-front. Tier 3 paid sources are explicitly gated behind recorded PermissionGrant and config flags, which is proportionate. No unrelated credentials are requested.

⚠ Persistence & Privilege

Skill.json grants local data/journal read-write and storage layout shows local retention. The README and SKILL.md additionally claim automatic daily self-update (cron) and ongoing signal emission to Elephas. Automatic self-updates and cron registration increase persistence and attack surface yet are not reflected in an install script here — this is a privilege mismatch worth clarifying before enabling.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install ocas-scout
安装完成后，直接呼叫该 Skill 的名称或使用 /ocas-scout 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v2.3.0

ocas-scout 2.3.0 — Adds initialization routine, automatic self-update, and GitHub source referencing. - Introduces `scout.init` to set up storage, data files, output folders, and cron jobs on first use. - Adds `scout.update` command for automatic self-update from GitHub; now includes source and install instructions in metadata. - Signals are now always emitted to Elephas for confirmed entities/relationships with new schema and path requirements. - Skill metadata expanded: includes trigger phrases, usage reminders, and enhanced initialization guidance. - Documentation updates: clearer output requirements, background task schedules, and setup steps.

v2.0.0

- Added support for research journaling with the new `scout.journal` command; outputs an Observation/Research Journal at end of every run. - Introduced references/journal.md describing journal outputs and guidance. - Updated storage layout to include per-run journals under ~/openclaw/journals/ocas-scout/. - Expanded skill interface section: clarified inter-skill connections, especially optional Signal emission for Elephas. - Config json and workflow descriptions updated for tier controls, retention, and output format management. - Clarified skill boundaries, OKRs, and responsibility, improving guidance for lawful, provenance-backed OSINT research.

v1.1.1

- Expanded documentation detailing lawful OSINT research workflow, escalation tiers, and provenance requirements. - Clarified core promise, invariants, and strict constraints for source usage and privacy. - Added explicit input contract, research workflow steps, and output requirements. - Described config options for source tiering, retention, and brief formatting. - Included file map and directory structure for supporting references and outputs. - Provided validation rules to enforce legality, provenance, and minimization at each stage.

元数据

Slug ocas-scout

版本 2.3.0

许可证 MIT-0

累计安装 2

当前安装数 2

历史版本数 3

常见问题

Scout 是什么？

Structured OSINT research on people, companies, and organizations. Use when the user wants a provenance-backed brief, entity resolution across public sources... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 402 次。

如何安装 Scout？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install ocas-scout」即可一键安装，无需额外配置。

Scout 是免费的吗？

是的，Scout 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Scout 支持哪些平台？

Scout 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Scout？

由 Indigo Karasu（@indigokarasu）开发并维护，当前版本 v2.3.0。