← 返回 Skills 市场
AI Opportunity Scout
作者
avnikulin35
· GitHub ↗
· v1.0.0
451
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install opportunity-scout
功能描述
Find profitable business opportunities in any niche by scanning Twitter, web, Reddit, and Product Hunt for unmet needs and pain points. Scores each opportuni...
安全使用建议
What to consider before installing: 1) The scoring script is benign and local-only — it just formats and ranks opportunities. 2) SKILL.md tells the agent to run external CLIs (notably 'bird' for Twitter and 'clawdhub') via shell exec; those tools typically require installation and stored credentials. The skill does not declare those prerequisites or any credential requirements, so the agent may try to use whatever local CLI config/tokens exist (which could expose or use your account). 3) If you plan to use this skill: verify what 'bird' and 'clawdhub' binaries do on your system, confirm where they read credentials from, and only run the skill in an environment where you trust those CLI configs. Alternatively, ask the skill to use authenticated API keys you control or to rely only on web_search queries (no exec). 4) Because the skill's source and homepage are unknown, exercise caution with network-enabled operations and prefer running it in a sandboxed agent or reviewing/limiting what tools the agent may exec.
功能分析
Type: OpenClaw Skill
Name: opportunity-scout
Version: 1.0.0
The skill bundle is classified as suspicious due to the potential for shell injection. The `SKILL.md` instructs the AI agent to execute external commands (`bird search` and `clawdhub search`) via `exec`, passing user-controlled input (`[niche]`) directly into these commands. If the `bird` or `clawdhub` tools, or the agent's `exec` mechanism, do not properly sanitize this input, a malicious user could craft a `niche` string to execute arbitrary shell commands. This represents a significant vulnerability, even though the skill itself does not demonstrate explicit malicious intent like data exfiltration or backdoor installation.
能力评估
Purpose & Capability
The name/description and the included scoring script are coherent for an 'opportunity scout'. However SKILL.md tells the agent to run external CLIs (bird, clawdhub) and use web_search/Reddit/ProductHunt. The skill declares no required binaries, no install steps, and requests no credentials — yet the instructions assume availability of tools that normally require installation and stored credentials. That omission is an inconsistency that could cause the agent to use local CLI configs or fail unexpectedly.
Instruction Scope
Instructions focus on web/Twitter/Product Hunt/Reddit searches and scoring, which is within stated scope. However the SKILL.md explicitly instructs exec of 'bird' (Twitter CLI) and 'clawdhub' which are shell commands that will perform network calls and may read local CLI config (tokens). The skill does not instruct reading arbitrary local files or env vars, but execing CLIs can implicitly access local credentials/config — the instructions should document this behavior and required credentials.
Install Mechanism
No install spec is provided (instruction-only plus a small scoring script). That is lowest-risk from an installation/extraction perspective. The included Python script is straightforward and local-only (scoring/report generation) with no hidden network calls, obfuscation, or extraction behavior.
Credentials
The skill declares no required environment variables or credentials, yet it attempts to query services (Twitter) via a CLI that typically requires authentication. This is disproportionate: either credentials should be declared (and scoped) or instructions should use unauthenticated web_search calls. The implicit reliance on local CLI-auth (which may use stored tokens) is a privacy/credential risk that is not documented.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and contains no code that persists or escalates privileges. It appears to run only when invoked.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install opportunity-scout - 安装完成后,直接呼叫该 Skill 的名称或使用
/opportunity-scout触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: scan Twitter/web/Reddit for business opportunities, score by 4 criteria, generate ranked report
元数据
常见问题
AI Opportunity Scout 是什么?
Find profitable business opportunities in any niche by scanning Twitter, web, Reddit, and Product Hunt for unmet needs and pain points. Scores each opportuni... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 451 次。
如何安装 AI Opportunity Scout?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install opportunity-scout」即可一键安装,无需额外配置。
AI Opportunity Scout 是免费的吗?
是的,AI Opportunity Scout 完全免费(开源免费),可自由下载、安装和使用。
AI Opportunity Scout 支持哪些平台?
AI Opportunity Scout 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 AI Opportunity Scout?
由 avnikulin35(@avnikulin35)开发并维护,当前版本 v1.0.0。
推荐 Skills