wild-idea
PassAudited by ClawScan on May 13, 2026.
Overview
This is a coherent brainstorming skill; the main things to notice are that it can run local Python/curl commands, use a Tavily API key, and send search queries to Tavily.
This skill appears safe for its intended creative-brainstorming use. Before installing, confirm you are comfortable with local command execution, Tavily API-key use, and external search queries that may include details from your prompt.
Publisher note
Remote domain injection brainstorming — throw unrelated things next to each other and let friction spark ideas. Quickstart: 1. Inject 3 channels (17 domains / 50 seeds / 500 chars+web) 2. Extract 1 concrete nail per source (must include a NUMBER) 3. Find 1 concrete counterpart per nail 4. Gate: comfort check + web verification The One Rule: Zero abstraction between nail and counterpart. No "because", "therefore", "this means", "this implies". Just raw juxtaposition. Example: | Nail | Counterpart | |-----------|---------------| | Bees: 75ms wing = 1km | App: 3 questions/day quota | | Shackleton: abandoned all gear | Button: "reset everything" |
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may execute local commands and make web requests while using this skill.
The skill explicitly asks the agent to run local Python scripts and curl commands. This is central to the brainstorming/search workflow, but users should know the skill uses local tools and network calls.
Run `python3 scripts/pick_seed.py` ... Run `python3 scripts/search_char.py` ... Use curl + Tavily API to verify counterparts are novel
Use it only in an environment where local command execution is acceptable, and review or constrain shell commands if sensitive inputs are involved.
A Tavily API key may be used to perform searches, and usage may be billed or logged by the provider.
The skill documentation shows reading a Tavily API key from the local OpenClaw environment file for search requests. This is expected for Tavily integration, but it is still credential access.
KEY=$(grep TAVILY_API_KEY ~/.openclaw/.env | cut -d'=' -f2)
Use a dedicated, revocable Tavily key with minimal privileges and avoid pasting secrets into prompts or generated output.
Search behavior may depend on another installed helper skill/script in the user’s home directory.
The script delegates Tavily searching to a helper script outside this skill package if that helper exists. That dependency is purpose-aligned but is not fully reviewed in the provided artifacts.
TAVILY_SCRIPT = pathlib.Path.home() / ".hermes" / "skills" / "openclaw-imports" / "openclaw-tavily-search" / "scripts" / "tavily_search.py"
Verify the external Tavily helper comes from a trusted source, or use the direct curl path instead.
Confidential product ideas or internal terminology could be sent to an external search provider if included in verification queries.
The web verification step sends search queries to Tavily. This is disclosed and necessary for novelty checking, but the query may contain product names or strategy details from the user’s problem.
curl -s "https://api.tavily.com/search" ... "query": "your search"
Avoid using this skill with confidential project names or sensitive strategy details unless external search disclosure is acceptable.