Openclaw Skill Money Idea Generator

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill’s behavior matches its money-idea purpose, but it uses external trend sources, may run an undeclared Twitter search CLI, and stores idea/revenue records locally.

This appears reasonable for a money-idea and trend-monitoring skill. Before installing, decide whether you are comfortable with public web/API queries, optional GitHub token use, the local `bird` CLI being run if present, and local retention of idea/revenue records.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a `bird` command exists on the user’s system, the skill may run it to search Twitter/X trends.

Why it was flagged

The skill can run a local `bird` executable during normal multi-source trend collection. The arguments are fixed and purpose-aligned, but the binary is not declared in the skill requirements.

Skill content

subprocess.run(['bird', 'search', 'AI trending', '--limit', '10'], capture_output=True, text=True, timeout=30)

Recommendation

Only use this with a trusted `bird` CLI installed, or disable/avoid the Twitter multi-source path if that command is not desired.

What this means

The installed `requests` package version depends on the current package index and local environment.

Why it was flagged

The manual setup installs an unpinned Python dependency. This is common and purpose-aligned, but it leaves dependency version/provenance to the user environment.

Skill content

pip install requests

Recommendation

Prefer a pinned requirements file or install from a trusted Python package index/environment.

What this means

If `GITHUB_TOKEN` is configured, the skill can make GitHub API requests using that token.

Why it was flagged

The code uses an optional GitHub token for GitHub API requests. This matches the documented GitHub monitoring purpose and no unrelated token transmission is shown.

Skill content

self.headers = {'Authorization': f'token {token}'} if token else {}

Recommendation

Use a low-privilege or read-only GitHub token, or leave it unset if higher rate limits are not needed.

What this means

Generated ideas, notes, execution status, and revenue entries may remain on disk after use.

Why it was flagged

The asset pool persists ideas, execution tracking, and revenue records in local JSON files. This supports the stated asset-pool feature, but it retains potentially sensitive business notes locally.

Skill content

self.data_dir = data_dir or os.path.expanduser('~/.openclaw/workspace/memory/money-ideas')

Recommendation

Avoid entering sensitive financial details unless local persistence is acceptable, and clear `~/.openclaw/workspace/memory/money-ideas` if you want to remove saved records.