ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Nm Tome Research

v1.0.0

Multi-source research across code, discourse, and academic channels

0· 24·1 current·1 all-time
by@athola
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md's workflow (domain classification, dispatching code/discourse/academic agents, synthesizing findings, saving reports) matches the declared purpose of multi-source research. However the instructions assume a local Python package named 'tome' (modules like tome.scripts.*, tome.session, tome.synthesis, tome.output) and an 'Agent' tool for dispatching parallel agents; those runtime dependencies are not declared in the skill metadata.
Instruction Scope
Instructions include executable Python snippets, create a SessionManager using Path.cwd(), and save reports to docs/research/{session.id}-{slug}.md. That requires filesystem write access and a Python runtime with the referenced modules. The SKILL.md does not instruct exfiltration or access unrelated credentials, but it does assume access to local project files and ability to persist session state.
Install Mechanism
This is instruction-only with no install spec and no code files, so there is no installer risk. However the lack of an install step means the SKILL.md's Python modules and tools must already exist in the runtime; the metadata does not document how to obtain them.
Credentials
The skill requests no environment variables or credentials, which is proportionate. That said, it implicitly needs filesystem access and a Python environment with the 'tome' package and an 'Agent' tool; these implicit requirements are not declared, which is an omission the user should be aware of.
Persistence & Privilege
always:false and no install hooks are present. The skill instructs saving session state to the local docs/research/ path (its own workspace), which is a reasonable behavior for a research orchestrator and does not request elevated platform privileges or attempt to modify other skills.
What to consider before installing
This skill's workflow fits its description, but the SKILL.md assumes you have a Python runtime, a local 'tome' package providing many modules, and an 'Agent' dispatch tool — none of which are declared in the metadata. Before installing/using: (1) confirm your agent/runtime provides the 'tome' package and the Agent tool or add an explicit install step; (2) be aware the skill will write session files to your current working directory (docs/research/...), so run it in an appropriate or isolated workspace; (3) if you don't want automatic filesystem writes, request a dry-run or adjust the save path; (4) no credentials are requested by the skill, but lack of declared dependencies may cause silent failures — verify prerequisites first. I have medium confidence because the issues look like omissions/assumptions rather than clearly malicious intent; providing the runtime dependency list or an install spec would raise confidence to benign.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🦞 Clawdis
latestvk97896dbqzseab0h79v0ddkjy1859x8e
24downloads
0stars
1versions
Updated 9h ago
v1.0.0
MIT-0
@athola
latest
Download

Night Market Skill — ported from claude-night-market/tome. For the full experience with agents, hooks, and commands, install the Claude Code plugin.

Research Session Orchestrator

Run a full multi-source research session: classify the domain, dispatch parallel agents, synthesize findings, and output a formatted report.

Workflow

Step 1: Classify Domain

Run the domain classifier on the topic:

from tome.scripts.domain_classifier import classify
result = classify(topic)
# result.domain, result.triz_depth, result.channel_weights

If confidence < 0.6, ask the user to confirm or override the domain classification before proceeding.

Step 2: Plan Research

from tome.scripts.research_planner import plan
research_plan = plan(result)
# research_plan.channels, research_plan.weights, research_plan.triz_depth

Step 3: Create Session

from tome.session import SessionManager
mgr = SessionManager(Path.cwd())
session = mgr.create(topic, result.domain, result.triz_depth, research_plan.channels)

Step 4: Dispatch Agents

Launch research agents in parallel using the Agent tool. Use this mapping:

ChannelAgent TypePrompt Includes
codetome:code-searchertopic
discoursetome:discourse-scannertopic, domain, subreddits
academictome:literature-reviewertopic, domain
triztome:triz-analysttopic, domain, triz_depth

Rules:

  • Always dispatch code and discourse agents
  • Dispatch academic agent only if "academic" is in research_plan.channels
  • Dispatch triz agent only if "triz" is in research_plan.channels AND triz_depth != "light"
  • Dispatch all eligible agents in a SINGLE message (parallel, not sequential)

Each agent prompt must include:

  1. The topic string
  2. The domain classification
  3. Any channel-specific context (subreddits for discourse, triz_depth for triz)
  4. Instruction to return findings as JSON

Step 5: Collect and Synthesize

After all agents return:

  1. Parse each agent's findings into Finding objects
  2. Merge using tome.synthesis.merger.merge_findings()
  3. Rank using tome.synthesis.ranker.rank_findings()

Step 6: Generate Output

from tome.output.report import format_report, format_brief, format_transcript

# Default to report format
output = format_report(session)

# Save to docs/research/
output_path = f"docs/research/{session.id}-{slug}.md"

Save the session state:

mgr.save(session)

Step 7: Present Results

Display a brief summary to the user:

  • Number of findings per channel
  • Top 3 findings by relevance
  • Path to saved report

Then offer interactive refinement: "Use /tome:dig \"subtopic\" to explore specific areas."

Error Handling

  • If an agent fails, continue with remaining agents
  • If all agents fail, report the error and suggest manual research approaches
  • If synthesis produces 0 findings, state this clearly rather than generating an empty report
  • Save session state even on partial failure

Output Format Selection

FlagFormatFunction
(default)reportformat_report()
--format briefbriefformat_brief()
--format transcripttranscriptformat_transcript()

Comments

Loading comments...