← 返回 Skills 市场

Scry

Name: Scry
Author: vihangd

作者 Vihang D · GitHub ↗ · v0.1.0 · MIT-0

cross-platform ⚠ suspicious

271

总下载

当前安装

版本数

在 OpenClaw 中安装

/install scry

功能描述

Research any topic across 26+ sources: Reddit, X, YouTube, GitHub, HN, Bluesky, ArXiv, Dev.to, Polymarket, and more. The most comprehensive research skill av...

安全使用建议

This skill is a local research aggregator and appears coherent with its description, but it will (1) run the included Python script (scripts/scry.py) which performs many network requests, (2) probe your environment and config files for optional API keys and binaries, and (3) write a cache to ~/.cache/scry and may read ~/.config/scry/.env or ~/.config/last30days/.env. Before installing or running: (A) inspect scripts/scry.py (full contents) to confirm no unexpected output of secrets; (B) avoid storing sensitive credentials in your shell environment or ~/.config/scry/.env if you do not want them used; (C) run the skill in an isolated environment (container or throwaway account) if you need to be conservative. If you want, I can scan scripts/scry.py (the orchestrator) for any places that might print or transmit environment values or other surprises — provide the file and I'll review it line-by-line.

功能分析

Type: OpenClaw Skill Name: scry Version: 0.1.0 The 'scry' skill is a comprehensive research tool that aggregates data from over 26 sources. However, it includes a high-risk capability within the vendored 'bird-search' component (specifically in `vendor/bird-search/lib/cookies.js`), which contains logic to automatically extract authentication cookies (`auth_token` and `ct0`) from local browser databases (Safari, Chrome, and Firefox). While the documentation in `README.md` and `SKILL.md` acknowledges the use of browser cookies for X (Twitter) searches, the automated harvesting of sensitive browser credentials represents a significant security and privacy risk. The rest of the codebase, including the Python orchestrator (`scry.py`) and various source modules, appears functional and aligned with the stated purpose.

能力评估

✓ Purpose & Capability

The name/description (multi-source research) align with the included modules and SKILL.md. The repository contains source modules for the many sites listed (GitHub, Reddit, X, YouTube, ArXiv, SEC EDGAR, etc.), scoring/deduplication pipelines, and a CLI orchestrator. The requested binaries/tokens are optional and match optional sources (yt-dlp for YouTube, X/Twitter cookies/tokens for X, SCRAPECREATORS_API_KEY for TikTok/Instagram, HF_TOKEN for HuggingFace, etc.).

ℹ Instruction Scope

The runtime instructions explicitly tell the agent to locate and execute scripts/scry.py (foreground, 5-minute timeout) and to read the entire output. The SKILL.md also instructs the agent to "discover available API keys and binaries." The code supports that: env.py reads ~/.config/scry/.env and environment variables and probes for binaries. This is coherent with enabling optional source access, but it does mean the script will enumerate local config and env keys when run.

✓ Install Mechanism

No install spec is provided (no external downloads or installers). The skill is shipped with Python code (and vendored JavaScript for the X client). Running it executes the included scripts; nothing in the package attempts to fetch arbitrary install artifacts at runtime. This is the lower-risk pattern for skill distribution, but note that executing the bundled code runs network calls.

ℹ Credentials

The skill does not declare required env vars in the registry metadata, but its code reads a broad set of environment variables and config files (OPENAI_API_KEY, XAI_API_KEY, AUTH_TOKEN, CT0, THREADS_ACCESS_TOKEN, SCRAPECREATORS_API_KEY, HF_TOKEN, PRODUCTHUNT_TOKEN, SO_API_KEY, etc.) and will use them if present. This is proportionate to offering optional access to additional sources, but it means any tokens present in your environment or in ~/.config/scry/.env (or the compatibility path ~/.config/last30days/.env) could be accessed and used by the script. If you have sensitive keys in your environment, consider running the skill in a controlled environment or removing/isolating those keys.

✓ Persistence & Privilege

The skill does not request always:true and does not alter other skills. It writes a cache to ~/.cache/scry and can read/write ~/.config/scry/.env per README guidance; those are reasonable for a local research tool. It does not request system-wide privileges beyond normal file I/O in user directories.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install scry
安装完成后，直接呼叫该 Skill 的名称或使用 /scry 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.1.0

Initial release of scry: comprehensive multi-source research skill. - Researches any topic across 26+ platforms (Reddit, X, YouTube, GitHub, HN, ArXiv, and more). - Automatically parses user intent for topic, domain, query type, and target tool. - Runs the scry script in the foreground, synchronizing results from all sources. - Supplements output with WebSearch for blogs, news, and tutorials not covered by main sources. - Synthesizes key findings with weighted cross-source signals and concise attributions. - Displays clear research summaries, structured stats, and actionable next steps.

元数据

Slug scry

版本 0.1.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题

Scry 是什么？

Research any topic across 26+ sources: Reddit, X, YouTube, GitHub, HN, Bluesky, ArXiv, Dev.to, Polymarket, and more. The most comprehensive research skill av... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 271 次。

如何安装 Scry？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install scry」即可一键安装，无需额外配置。

Scry 是免费的吗？

是的，Scry 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Scry 支持哪些平台？

Scry 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Scry？

由 Vihang D（@vihangd）开发并维护，当前版本 v0.1.0。