Scout

What to check before installing or enabling this skill: - Confirm origin: the SKILL.md points to a GitHub repo (indigokarasu/scout). Review that repository yourself to verify the code and to confirm how (or whether) the cron self-update and scout.init behaviors are implemented. An instruction-only bundle here cannot actually register cron jobs itself unless the platform or a fetched repo does so. - Ask the author to clarify declared filesystem permissions: SKILL.md says Scout will write Signal files to ~/openclaw/db/ocas-elephas/intake/, but skill.json only lists read/write for ~/openclaw/data/ocas-scout/ and ~/openclaw/journals/ocas-scout/. If the skill will place files in Elephas' intake directory, that write access should be declared and you should consent to cross-skill writes. - Be cautious about persistence/self-update: the skill claims to register a nightly self-update cron job. Decide if you want an auto-updating skill (it changes behavior over time). If you allow updates, verify the update source (the GitHub repo and release mechanism) and whether updates are signed/verified. - Data handling and privacy: Scout will store research results and journals locally and emit Signal files (which may contain PII) to an intake directory. Confirm retention settings (default retention: 90 days) and where backups or exports go. Ensure you understand and approve these local writes before use. - Tier 3 paid sources: do not enable paid-source escalation without explicit policy and credential handling controls. The skill claims Tier 3 requires a PermissionGrant; verify the implementation enforces that hard stop. - If you cannot inspect the upstream repo, treat this as higher risk: avoid enabling self-update and cross-skill writes until provenance and implementation details are verified. If the author can confirm and correct the declared filesystem permissions and explain exactly how/where cron registration and self-updates occur (and you inspect the upstream code), the remaining concerns are addressable.