ClawHub

ClawBridge - Find Connections

v1.0.1

Runs nightly searches to identify and rank relevant candidates matching your offer and ask, delivering evidence-backed connection briefs for human review.

2· 1.6k·2 current·2 all-time
by@moltlife
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's stated purpose (nightly scouting to find connection opportunities and draft outreach) lines up with what it requires and describes: web_search, web_fetch and browser for JS-rendered pages, output JSON/Markdown, and local run/run budget. There are no unrelated credentials, binaries, or config paths requested. Minor note: package.json version (1.0.0) differs from registry version (1.0.1) and the top-level registry description is missing — these are quality issues but not functional mismatches.
Instruction Scope
SKILL.md and the prompt files explicitly confine actions to web discovery, fetching public pages, filtering, ranking, and drafting. The instructions call out privacy and safety (respect robots.txt, avoid closed/ private communities, keep secrets out of prompts, honor avoid_list, human approval required). It does collect and persist public contact evidence (including emails if publicly available) which is consistent with its purpose — users should be aware of privacy and anti-spam/legal constraints before enabling runs.
Install Mechanism
This is instruction-only (no install spec); install guidance references standard CLIs (clawhub/openclaw) and cloning from GitHub with placeholders. No downloads from arbitrary URLs or archive extraction are present. Installing recommended CLIs (npm global installs) is normal for this ecosystem.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. The README shows optional env knobs (CLAWBRIDGE_TOP_K, CLAWBRIDGE_RECENCY_DAYS) which are proportionate. There are no requests for unrelated secrets or multiple external credentials.
Persistence & Privilege
always:false and default model invocation settings are appropriate. The skill does write output to local files (run.json/run.md) which is expected. It does not request persistent elevated privileges or modifications to other skills/configs.
Assessment
This skill is internally consistent and appears to do what it claims: scour public web venues, validate evidence, rank candidates, and produce draft messages for human review. Before installing, consider: 1) Confirm you want an agent that will fetch public pages and potentially extract publicly listed contact info — ensure this aligns with your privacy policy and anti-spam/legal requirements in your jurisdictions. 2) Configure run_budget, avoid_list, and constraints to limit scraping and rate usage; enable the platform tool allowlist so only web_search/web_fetch/browser are available to this skill. 3) Keep the human-in-the-loop requirement (do not enable auto-send actions) and review outputs before outreach. 4) Note small quality issues (version mismatch in package.json and missing registry description/homepage) — these don't indicate maliciousness but you may want to verify the skill source (the GitHub placeholders) before trusting scheduled runs.

Like a lobster shell, security has layers — review code before you run it.

latestvk971gp4km77ynzt0ac65xxqkpx80adjx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments