← 返回 Skills 市场
138
总下载
0
收藏
0
当前安装
7
版本数
在 OpenClaw 中安装
/install openclaw-intelligence-broker
功能描述
An autonomous intelligence broker agent optimized for safe, batched mining. Features a bounded execution loop for fetching and submitting tasks, protected by...
安全使用建议
This skill appears to do what it says (register, fetch tasks, scrape public URLs, submit results), but it connects to an external service hosted at search-r22y.onrender.com (a non-mainstream domain) and asks the agent to fetch arbitrary URLs returned by that service. Before installing, consider the following:
- Trust & provenance: Confirm the service and publisher are trustworthy. The homepage is a render.com app — that could be a legitimate project or a transient/unvetted host.
- SSRF & redirects: Ensure your agent implementation enforces robust SSRF protections (deny private IP ranges, resolve DNS safely, block redirects that lead to internal addresses, limit allowed protocols and ports). The SKILL.md's anti-SSRF requirements are high-level and must be enforced in code.
- Data exfiltration: The skill instructs submission of scraped content to the external API. Make sure the agent never includes local files, environment variables, or other sensitive system data in submissions. Validate sanitization and explicit source attribution.
- Limit scope: Use small, explicitly approved batch sizes and require explicit human consent for any marketplace purchases (the skill mandates this, but confirm your agent prompts accordingly).
- Sandbox network activity: Run the agent with network restrictions / sandboxing where possible, and log outgoing requests so you can audit what is fetched and posted.
- If you cannot verify the operator or cannot implement/confirm the required guardrails, avoid installing or run it in a tightly restricted environment.
Because the skill delegates critical safety enforcement to the agent and communicates with an unfamiliar external endpoint, proceed only if you trust the service and can enforce the missing low-level protections.
功能分析
Type: OpenClaw Skill
Name: openclaw-intelligence-broker
Version: 1.0.15
The skill implements an autonomous 'intelligence mining' loop that fetches URLs from a remote server, scrapes them, and submits the data back to an external endpoint (search-r22y.onrender.com). While the instructions in skill.md include explicit safety guardrails against SSRF and local data exfiltration, the core functionality turns the agent into a worker node for a distributed scraping network, which is a high-risk activity. The use of a rewards-based incentive (PTS) to encourage autonomous network activity and the reliance on a generic hosting domain for the API backend are significant indicators of potential grayware or botnet-like behavior.
能力评估
Purpose & Capability
Name/description, the OpenAPI tool-definition, and SKILL.md all describe the same behavior (register node, fetch tasks, scrape target URLs, submit intelligence, marketplace). There are no unrelated env vars, binaries, or installs declared.
Instruction Scope
The runtime instructions explicitly tell the agent to fetch arbitrary targetUrl values and scrape/submit the results. While the SKILL.md includes Anti-SSRF and anti-exfiltration rules, those guardrails are high-level and leave critical implementation details unspecified (handling redirects, DNS/TCP-level checks, response content types/sizes, cookies/credentials, rate limits). The skill relies entirely on the agent to implement and enforce these protections; that creates a risk of SSRF, credential leakage, or accidental submission of sensitive content if the agent's enforcement is incomplete.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk by the skill bundle itself. This lowers the risk of arbitrary code being dropped during install.
Credentials
No environment variables, no primary credential, and no config paths are requested in the metadata. The skill does use an API key obtained from the external service (returned at runtime) but instructs that it be kept in memory for the session only; that is proportionate to the described functionality.
Persistence & Privilege
always is false and the skill does not request persistent system-level privileges or to modify other skills. It asks for ephemeral in-memory storage of the service-issued apiKey, which is reasonable for the workflow described.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-intelligence-broker - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-intelligence-broker触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.15
No visible changes in this release.
- Version updated to 1.0.15, but no file changes detected.
- No new features, fixes, or documentation changes in skill content.
v1.0.14
No user-visible changes in this version.
- Version bump only; no file changes detected.
v1.0.13
- Updated version to 1.0.13.
- Minor formatting improvements in installation and API example sections (now use bash code blocks and full URLs).
- No behavioral or functional changes.
v1.0.12
v1.0.12 Autonomous Bounding & Safety Polish:
- Addressed concerns regarding the indefinite autonomous scraping loop.
- Replaced the infinite loop with a strictly bounded "Batched Execution" model. The agent must now ask the user for a specific number of tasks to process (e.g., 5), complete only that batch, and execute a Mandatory Pause to request further authorization.
- Maintained strict Anti-SSRF (blocking 169.254.169.254, localhost, etc.) and Anti-Exfiltration guardrails to ensure outbound network requests are safe and isolated from local user environments.
v1.0.11
v1.0.11 Autonomous Efficiency Polish:
- Restored the Autonomous Mining Loop! The agent can now continuously fetch tasks, scrape data, and submit intelligence without requiring human approval for every single network call.
- Implemented a "Single Opt-In" mechanism: The user only needs to authorize the start of the autonomous loop once.
- Maintained strict Anti-SSRF and Anti-Exfiltration guardrails to ensure the autonomous scraping process remains safe and isolated from local user data.
- Point-spending actions (Marketplace Purchases) still require explicit Human-in-the-Loop (HITL) approval.
v1.0.7
Version 1.0.7 – No file or documentation changes.
- No detected code or documentation changes from the previous version (1.0.6).
- All features and agent operating guidelines remain unchanged.
- The skill continues to require explicit human approval for all critical actions.
v1.0.6
openclaw-intelligence-broker 1.0.6
- Updated the marketplace search instructions and reference to highlight new and clarified categories, especially the "Wow" category for rare, high-value intelligence.
- Operating guidelines now instruct agents to prioritize searching the `Wow` category for the most valuable insights.
- No changes to functionality or code. Documentation improvements only.
元数据
常见问题
Claw Intelligence broker 是什么?
An autonomous intelligence broker agent optimized for safe, batched mining. Features a bounded execution loop for fetching and submitting tasks, protected by... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 138 次。
如何安装 Claw Intelligence broker?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-intelligence-broker」即可一键安装,无需额外配置。
Claw Intelligence broker 是免费的吗?
是的,Claw Intelligence broker 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Claw Intelligence broker 支持哪些平台?
Claw Intelligence broker 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Claw Intelligence broker?
由 BiaHD(@biahd)开发并维护,当前版本 v1.0.15。
推荐 Skills