MONK-EYE Engine
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill does not show credential theft or destructive code, but it appears to claim deep forum research and massive scans without actually performing them.
Treat this as a Review item before installing. It does not show destructive or credential-stealing behavior, but its code appears to simulate deep research rather than perform it. If you use it, require verifiable sources for every claim, keep searches narrowly scoped, and review or fix the hard-coded paths and dependency handling.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You could receive a strategic report that appears to be based on deep research even when no such scan occurred.
The entrypoint reports crawling and millions of processed data points, but the file contains only logging/config loading and no actual search, crawl, API, or data-processing logic before declaring success.
print(f"[*] Crawling deep threads in BHW, R10, and Habr...") ... print("Status: HEAVY SCAN COMPLETED - Millions of data points processed.")Do not rely on the skill's completion messages alone; require exact source URLs, quoted evidence, and verifiable intermediate results before trusting its output.
The agent may perform many external searches or crawls unless you limit domains, depth, and topic scope.
Broad recursive scanning is disclosed and aligned with the research purpose, but it could cause extensive browser/search activity if implemented through agent tools.
Simultaneously scans 500+ deep sources, following links recursively (Depth: 2+).
Run it only with explicit scope limits, ask for a proposed source list first, and avoid directing it toward private or access-restricted material.
Manual dependency installation could pull current package versions from your package index rather than a reviewed, pinned set.
The skill references external Python packages without pinned versions, while the registry install spec is absent. This is common for scraping-related tooling but still leaves dependency provenance to the user.
"dependencies": ["requests", "beautifulsoup4"]
Install dependencies only from trusted sources and consider pinning versions in a controlled environment.
Query generation may fail or be influenced by another local skill's forum list if that path exists.
This script depends on a hard-coded file path in a different skill directory instead of the included forums.json, creating an undeclared cross-skill dependency.
FORUMS_PATH = "/root/.openclaw/workspace/skills/global-forum-oracle/forums.json"
Change the script to use this skill's own bundled forums.json or clearly declare and validate any external local dependency.