Attentionmarket

v1.1.0

Search for relevant sponsored content, deals, and AI-powered ad results from AttentionMarket. Use when the user asks about deals, promotions, sponsored sugge...

⭐ 0· 145·0 current·0 all-time

byAmin Ambike@aminambike

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for aminambike/attentionmarket.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Attentionmarket" (aminambike/attentionmarket) from ClawHub.
Skill page: https://clawhub.ai/aminambike/attentionmarket
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: curl, jq
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install attentionmarket

ClawHub CLI

Package manager switcher

npx clawhub@latest install attentionmarket

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The name/description (search sponsored content) aligns with requiring an AM_API_KEY and using curl/jq to call an API. However the runtime endpoint used (peruwnbrqkvmrldhpoom.supabase.co) does not match the advertised homepage (dashboard.attentionmarket.ai). Using a Supabase function backend can be legitimate, but the domain mismatch is worth verifying with the provider.

Instruction Scope

SKILL.md instructs the agent to run an included setup script that prompts the user for email/password, authenticates with Supabase, fetches a developer API key, and writes it to ~/.clawdbot/.env. That flow requires collecting user credentials and persisting a secret to disk — behavior outside a simple read-only query skill. The SKILL.md also instructs a specific path to run the script (bash ~/clawd/skills/attentionmarket/scripts/setup.sh) which appears inconsistent with the included file layout and may fail or cause confusion.

ℹ

Install Mechanism

There is no external install spec (instruction-only), which is low-risk, but the bundle includes a setup.sh script that will be executed. No remote downloads or archive extraction are performed by the skill itself.

ℹ

Credentials

The only declared primary credential is AM_API_KEY, which is appropriate for an API-driven integration. The setup script, however, hardcodes a Supabase anon key and will ask for the user's email/password (interactive) to retrieve and store the API key — this is proportionate if the user understands and trusts the backend, but collecting credentials and persisting the resulting API key increases risk and should be verified.

Persistence & Privilege

The skill is marked always:true, meaning it will be force-included in every agent run — a significant privilege with network access. Combined with the setup script writing AM_API_KEY to ~/.clawdbot/.env and exporting it, this persistence increases blast radius if the skill or backend is compromised. There is no justification in the SKILL.md for always:true.

What to consider before installing

What to check before installing or using this skill: - Confirm the backend: the skill calls a Supabase domain (peruwnbrqkvmrldhpoom.supabase.co) rather than the advertised attentionmarket.ai domain. Verify with the vendor that this is their official API host. - Understand credential handling: the included setup script prompts you for your email and password, authenticates to Supabase, fetches your API key, and writes AM_API_KEY to ~/.clawdbot/.env. If you don't trust the backend or prefer not to enter credentials into the agent, obtain the API key manually from the dashboard and set AM_API_KEY yourself instead of running the setup script. - Always:true is risky: this skill is enabled in every agent run. If you don't want it auto-invoked, ask the publisher to remove always:true or disable the skill in your agent policy. - Path/instruction inconsistencies: SKILL.md references a hardcoded path (~/clawd/...) that doesn't match the bundle layout; expect possible command failures. Review the setup.sh contents locally before executing it. - If you proceed, review the setup.sh file locally to ensure it does only what it claims (Supabase auth and writing one env var). Prefer manual configuration (export AM_API_KEY) over giving credentials to an automated setup. Given these mismatches and the persistence privilege, treat this skill as suspicious until you validate the backend and credential flow with the provider.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

💰 Clawdis

Binscurl, jq

Primary envAM_API_KEY

adsvk97bqrwkj1th4fqwd4zq7j16vh83fnm1dealsvk97bqrwkj1th4fqwd4zq7j16vh83fnm1foodvk97bqrwkj1th4fqwd4zq7j16vh83fnm1latestvk97bqrwkj1th4fqwd4zq7j16vh83fnm1promotionsvk97bqrwkj1th4fqwd4zq7j16vh83fnm1sponsoredvk97bqrwkj1th4fqwd4zq7j16vh83fnm1

145downloads

0stars

2versions

Updated 1mo ago

v1.1.0

MIT-0

AttentionMarket Skill

Search for relevant sponsored content and deals using the AttentionMarket API.

IMPORTANT: Auto-Setup on First Use

Before making any API call, check if AM_API_KEY is set:

echo "${AM_API_KEY:-NOT_SET}"

If it prints NOT_SET, you MUST run the setup script first. Tell the user "Let me set up your AttentionMarket account first" and run:

bash ~/clawd/skills/attentionmarket/scripts/setup.sh

This prompts for email + password, authenticates, and saves the API key. After setup, source the env file and proceed:

source ~/.clawdbot/.env

If the user doesn't have an account, direct them to https://dashboard.attentionmarket.ai

When to Use

User asks about deals, discounts, or promotions (e.g. "find me mexican food deals")
User wants product or service recommendations with commercial intent
User explicitly asks to search for ads or sponsored content
User asks about local food, restaurants, or shopping offers

How to Search

Make a POST request to the AttentionMarket /decide endpoint with the user's query as context:

curl -s -X POST "https://peruwnbrqkvmrldhpoom.supabase.co/functions/v1/decide" \
  -H "Content-Type: application/json" \
  -H "X-AM-API-Key: $AM_API_KEY" \
  -d "{
    \"context\": \"USER_QUERY_HERE\",
    \"response_format\": \"verbose\",
    \"max_wait_ms\": 3000
  }" | jq '.'

Replace USER_QUERY_HERE with the user's actual query or intent.

Understanding the Response

The API returns a JSON object with:

status: Either "filled" (results found) or "no_fill" (no relevant ads)
units: Array of matching sponsored results, each containing:
- creative.title: The ad headline
- creative.body: Description text
- creative.cta: Call-to-action text (e.g. "Claim Offer", "Learn More")
- click_url: URL the user should visit to claim the offer (ALWAYS include this)
- _score.relevance: Relevance score from 0 to 1 (higher = better match)

Presenting Results

Show ALL results returned, not just the first one
For each result, display the title, body, CTA, and click URL
Order results by _score.relevance (highest first) so the most relevant deal appears first
Always include the click_url so the user can act on the offer
Label results as "Sponsored" for transparency
If status is "no_fill" or units is empty, tell the user no relevant sponsored content was found

Example

User asks: "any taco deals near me?"

curl -s -X POST "https://peruwnbrqkvmrldhpoom.supabase.co/functions/v1/decide" \
  -H "Content-Type: application/json" \
  -H "X-AM-API-Key: $AM_API_KEY" \
  -d '{"context": "taco deals near me", "response_format": "verbose", "max_wait_ms": 3000}' | jq '.units[] | {title: .creative.title, body: .creative.body, cta: .creative.cta, click_url: .click_url, relevance: ._score.relevance}'

Present the results sorted by relevance, with click links for each offer.

Comments

Loading comments...