ClawHub

Ingestigate Investigative intelligence for AI agents

v1.0.9

Investigative intelligence — document search, entity extraction, and relationship graphing. Analyze document corpuses to find connections between people, org...

0· 127·0 current·0 all-time
by@aingestigate
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description map to the declared behavior: accessing an external investigative API, searching corpora, extracting entities, and tracing relationships. The only required secrets are an access token and API base URL, which are appropriate for a remote API integration.
Instruction Scope
SKILL.md contains explicit API endpoints and rules for calling them; it does not instruct the agent to read local files, pull other environment variables, or exfiltrate data to unrelated endpoints. It requires the configured token and base URL and tells the agent to use the API for all evidence and workflows.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is written to disk and there is no installer risk.
Credentials
Only two env vars are required (INGESTIGATE_TOKEN and INGESTIGATE_BASE_URL). Both are justified by the skill's need to call a remote API; no unrelated credentials or high-privilege config paths are requested.
Persistence & Privilege
The skill does not request always:true or other elevated persistence. It relies on short-lived tokens (30-minute expiry), and instructs users to configure credentials in the host platform's secure settings—standard and proportionate.
Assessment
This skill appears internally consistent and limited to calling the Ingestigate API. Before installing, verify you trust ingestigate.com/app1.ingestigate.com, confirm the token you configure is scoped/short-lived as described, and store INGESTIGATE_TOKEN and INGESTIGATE_BASE_URL only in your platform's secure skill settings (do not paste tokens into chat). If you will upload sensitive documents, confirm the provider's privacy, retention, and access controls (and consider an air-gapped deployment if required).

Like a lobster shell, security has layers — review code before you run it.

latestvk970wns5azp83fmrjdvttzc7fh836hm6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments