ClawHub

Watchboard Intelligence

v2.0.0

Query Watchboard intelligence dashboards (watchboard.dev) for structured event data, casualties, KPIs, contested claims, and daily digests across 51+ tracker...

0· 42·0 current·0 all-time
byArtemio Padilla@artemiopadilla
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Watchboard intelligence dashboards) match the code and SKILL.md: the code fetches JSON endpoints from https://watchboard.dev/api/v1, exposes commands for listing trackers, summaries, events, KPIs, breaking items, search, and RSS. No unrelated services, credentials, or binaries are requested.
Instruction Scope
SKILL.md instructions are specific and map directly to the CLI in scripts/watchboard.py. The instructions tell the agent to call the public API and optionally use RSS as a fallback. The runtime code only reads/writes local cache files (/tmp/watchboard-cache/) and performs network requests to the declared BASE_URL; it does not attempt to read other system files or environment variables.
Install Mechanism
No install spec is provided (instruction-only + a python script). The code uses only Python stdlib (urllib, json, xml.etree) and requires Python 3.8+, which is consistent with the SKILL.md claim of zero dependencies.
Credentials
The skill declares no required environment variables, no credentials, and requests no config paths. The code does not read credentials from env or disk beyond its local cache directory, so requested access is proportional to purpose.
Persistence & Privilege
always is false and autonomous invocation is allowed (platform default). The only persistent action is writing cached HTTP responses to /tmp/watchboard-cache/ with a 1h TTL; it does not modify other skills or system-wide configuration.
Assessment
This skill appears to do exactly what it claims: query the public watchboard.dev API and show structured tracker data. Before installing, consider: (1) it makes outbound network requests to watchboard.dev — only install if you trust that remote site; (2) it writes cached JSON to /tmp/watchboard-cache/ (temporary but world-readable on multi-user systems), so cached content could be visible to other local users; (3) there is no integrity/signature check of API responses, so if your environment's DNS or network were compromised you could receive tampered data; (4) the skill has no secrets or privileged access required. If you have concerns, review the scripts/watchboard.py source locally or run the skill in a sandboxed environment (network-restricted or monitored) before granting it broader use.

Like a lobster shell, security has layers — review code before you run it.

geopoliticsvk97asnfaezdzqae1cv702qxyh984s0nsintelligencevk97asnfaezdzqae1cv702qxyh984s0nslatestvk97asnfaezdzqae1cv702qxyh984s0nsnewsvk97asnfaezdzqae1cv702qxyh984s0nsosintvk97asnfaezdzqae1cv702qxyh984s0ns

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments