ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Blacksnow

v0.1.0

Detects pre-news ambient risk signals across human, legal, and operational systems and converts them into machine-readable, tradable risk primitives.

0· 1.5k·0 current·0 all-time
bySieer Shafi Lone@sieershafilone
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
Name/description match the included scripts (harvester, pipeline, webhook, memory). However, the SKILL.md declares no required credentials or config paths while the codebase implies network I/O, data storage, and potential external integrations (monetization, streaming). The monetization and integration claims (real-time streaming, tradebot/hedgecore integration) suggest external API keys and credentials which are not declared — an incoherence that reduces transparency.
!
Instruction Scope
SKILL.md gives high-level agent roles but not bounded runtime instructions. Phrases like 'collects obscure, legally accessible data exhaust from approved domains' grant the agent broad latitude about what to fetch and from where. The skill claims to forbid private or paywalled sources, but there is no concrete enforcement mechanism described. Presence of memory.py and webhook.py suggests the runtime could persist or exfiltrate data or open network endpoints; those operations are not scoped or constrained in the instructions.
Install Mechanism
No install spec is provided — the skill is instruction/code-only and does not download arbitrary binaries during install. That lowers installation risk. All code is bundled with the skill (scripts/*), so there are no external download URLs in the manifest to flag.
!
Credentials
The manifest declares no required environment variables or primary credentials, yet the functionality (webhooks, streaming outputs, integrations with trading/monetization endpoints) implies the need for API keys, access tokens, or destination URLs. The lack of declared env requirements is disproportionate and reduces the user's ability to audit what secrets the skill will need or access.
Persistence & Privilege
always is not set and disableModelInvocation is not set (default enabled), so the model could invoke this skill autonomously. That is common for integration skills, but given this skill's potential to collect, store, and forward ambient signals, you should be aware the agent may trigger network I/O and data storage without additional explicit settings. The skill does include a memory component, indicating persistence capability.
What to consider before installing
This skill bundles code that scrapes/harvests, stores memory, and sends webhooks but declares no required credentials or install steps — that's a red flag. Before installing: 1) Review the scripts (harvester*, pipeline.py, memory.py, webhook.py) to confirm what endpoints are contacted, what is persisted, and whether any default URLs or keys are embedded. 2) Verify how the skill enforces its 'forbidden' list (no PII, no paywalled sources) — there is no technical proof in SKILL.md. 3) If you don't want autonomous network activity, set disableModelInvocation: true or otherwise require manual invocation. 4) Require an audit or code review for GDPR/PII handling and confirm where webhook targets will send data. 5) Ask the publisher which environment variables/credentials are actually needed and why they are not declared. These steps will reduce the risk of unexpected data collection or exfiltration.

Like a lobster shell, security has layers — review code before you run it.

latestvk97en4461y8ernf7w7ddrt36g980qwbn
1.5kdownloads
0stars
1versions
Updated 6h ago
v0.1.0
MIT-0
Sieer Shafi Lone@sieershafilone
latest
Download

BlackSnow

Invisible Risk Exhaust → Tradable Signal Engine

BlackSnow is an economic sensor skill that ingests fragmented, low-signal, legally accessible data exhaust from multiple non-obvious domains. It applies ontology alignment, weak-signal Bayesian accumulation, and horizon forecasting to surface early risk vectors before formal events, news, or disclosures occur.

Outputs are structured for automated consumption by financial, insurance, logistics, and policy systems.

Core Capabilities

  • Ambient Risk Detection: Surfaces pre-event signals invisible to traditional monitoring
  • Weak-Signal Correlation: Connects individually meaningless data points into predictive patterns
  • Cross-Domain Ontology Fusion: Aligns heterogeneous inputs into unified risk primitives
  • Probabilistic Forecasting: Estimates outcome likelihoods and temporal windows
  • Tradable Signal Packaging: Converts internal risk states into sellable primitives

Non-Capabilities

  • ❌ Insider information
  • ❌ Sentiment analysis
  • ❌ News aggregation
  • ❌ Price prediction
  • ❌ Decision execution

What BlackSnow Detects

Signals that exist weeks earlier, fragmented across obscure, low-signal sources:

Micro-Behavioral Shifts

  • Municipal procurement wording changes
  • Infrastructure maintenance deferrals
  • Insurance clause revisions
  • Supply contract force-majeure language

Operational Anomalies

  • Unexpected overtime tenders
  • Silent vendor substitutions
  • Emergency inventory buffering

Legal Entropy

  • Draft regulation language drift
  • Repeated consultation extensions
  • Committee member attendance decay

Human System Stress

  • Attrition spikes in critical roles
  • Hiring freezes masked as "role realignment"
  • Union grievance language tone shifts

Output Schema

{
  "risk_vector": "infra.energy.grid",
  "signal_confidence": 0.87,
  "time_horizon_days": "21-45",
  "contributing_domains": ["procurement", "maintenance", "labor"],
  "likely_outcomes": [
    "localized outage",
    "price volatility",
    "policy intervention"
  ],
  "tradability": {
    "insurance": true,
    "commodities": true,
    "logistics": true,
    "policy": false
  }
}

Agents

AgentRoleDescription
harvesterIngestionCollects obscure, legally accessible data exhaust from approved domains
normalizerSemantic AlignmentMaps heterogeneous inputs into a unified risk ontology
accumulatorProbabilistic ReasoningPerforms Bayesian evidence accumulation over time
forecasterHorizon ModelingEstimates outcome likelihoods and temporal windows
packagerMonetization InterfaceConverts internal risk states into sellable signal primitives

Data Sources

Allowed

  • Public procurement notices
  • Regulatory draft documents
  • Contract language revisions
  • Maintenance and tender logs
  • Labor and union filings
  • Hiring and attrition metadata
  • Inventory and logistics metadata

Forbidden

  • Private communications
  • Leaked documents
  • Paywalled sources without license
  • Personal identifiable information

Monetization Tiers

TierAccessPrice
ObserverAggregated heatmaps$99/mo
OperatorRaw risk vectors$1,500/mo
Fund/APIReal-time streaming signals$10k–50k/mo
SovereignCustom domains & exclusivity$250k+/yr

Add-ons

  • Region exclusivity
  • Early-signal SLA
  • Historical backtesting
  • Compliance attestation

Integration

Compatible skills:

  • tradebot
  • hedgecore
  • logistics-router
  • policy-simulator

Chaining mode: async

Constraints

Legal

  • GDPR compliant
  • No personal data storage
  • No market manipulation intent

Ethical

  • No targeted individual profiling
  • No civilian harm forecasting

Operational

  • Explainability not guaranteed
  • Probabilistic outputs only

Risk Disclaimer

BlackSnow provides probabilistic risk intelligence, not predictions or advice. Users are solely responsible for downstream decisions and compliance.

Status

  • Deployment: Sandbox
  • Onboarding: Gated
  • Audit Required: Yes

Comments

Loading comments...