ClawHub

DELLIGHT Intelligence Operations

v1.0.0

Automation skill for DELLIGHT Intelligence Operations.

0· 756·1 current·1 all-time
byDELLIGHT@arthurelgindell·duplicate of @arthurelgindell/dellight-cio-intelligence
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name and description align with the instructions: market/competitive intelligence and reporting. However, it lists several source types (LinkedIn, Crunchbase, app stores, some newsletters) that commonly require credentials or dedicated APIs; the skill declares no required environment variables or credentials. This mismatch is explainable (it could rely on public scraping or already-provisioned agent integrations) but is worth noting.
!
Instruction Scope
SKILL.md repeatedly instructs the agent to 'collect data from all available sources' and to 'gather' from 'all available sources', which is open-ended and grants broad discretion. The doc does not constrain which endpoints to use, how to authenticate, or what data to avoid. There are also actions implied (notify CEO/CRO) without describing channels or permissions. Vague guidance like this can lead an agent to access unexpected resources or attempt to use credentials it finds available.
Install Mechanism
This is an instruction-only skill with no install spec and no code files; nothing is written to disk and no external packages are pulled in. That minimizes installation risk.
Credentials
The skill requests no env vars or credentials yet names services that often require API keys or account access. Absence of declared credentials could be benign (public sources only) or a red flag (agent may search for credentials or try to reuse unrelated tokens). The SKILL.md does not reference any specific environment variables or config paths.
Persistence & Privilege
The skill does not request 'always: true' or other elevated persistence. It uses default autonomous invocation (normal). It does not request to modify other skills or system-wide settings in the provided instructions.
What to consider before installing
This skill appears to be an intelligence/monitoring playbook rather than executable code, which reduces direct installation risk, but its instructions are vague and could cause an agent to probe many external services or reuse available credentials. Before installing: 1) Ask the author to clarify exactly which endpoints the skill will use and how it will authenticate (public scraping vs. API keys). 2) Require explicit declaration of any required credentials or webhooks. 3) Restrict the agent's runtime network and credential permissions (run in an isolated environment or sandbox and deny access to unrelated secrets). 4) Ask how notifications to CEO/CRO are sent and ensure those channels are safe and explicit. If you cannot get these clarifications, treat the skill as high-risk and avoid granting it broad access to accounts or secrets.

Like a lobster shell, security has layers — review code before you run it.

c-suitevk978c74mkrhytfxprg6107ddan8148mxdellightvk978c74mkrhytfxprg6107ddan8148mxintelligencevk978c74mkrhytfxprg6107ddan8148mxlatestvk978c74mkrhytfxprg6107ddan8148mx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments