ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Intelligence Suite

v1.0.0

Makima's All-Seeing Intelligence Suite. Combines real-time AI news tracking and global news monitoring for a comprehensive strategic briefing, with LLM analy...

0· 17·0 current·0 all-time
by@marjoriebroad·duplicate of @marjoriebroad/mar-intelligence-suite

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for marjoriebroad/intelligence-suite-2.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Intelligence Suite" (marjoriebroad/intelligence-suite-2) from ClawHub.
Skill page: https://clawhub.ai/marjoriebroad/intelligence-suite-2
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: SKILLBOSS_API_KEY
Required binaries: node, npm
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install marjoriebroad/intelligence-suite-2

ClawHub CLI

Package manager switcher

npx clawhub@latest install intelligence-suite-2
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to monitor AI and global news and then send extracted content to a SkillBoss API for LLM analysis — the included scripts implement that. Requiring node/npm and SKILLBOSS_API_KEY is proportionate. However, the SKILL.md/network permissions list references api.skillboss.com while the scripts POST to https://api.heybossai.com/v1, which is an unexplained hostname mismatch that should be clarified.
!
Instruction Scope
The SKILL.md explicitly authorizes 'deep scrape' and the scripts follow that: they fetch RSS, visit article URLs, and extract full-text snippets (up to 1000–1500 chars) and then send those snippets to a third-party API. This is coherent with the stated purpose but is high-risk for data leakage: if a user points the tool at private/internal links or the scraper follows redirects, sensitive content could be transmitted to an external service. The SKILL.md permissions also list several hosts; the code accesses those and Hacker News via firebaseio. There is no attempt in code to avoid scraping paywalled or private domains.
Install Mechanism
This is instruction-only with a standard npm workflow. package.json lists common, expected dependencies (axios, cheerio, rss-parser). No downloads from arbitrary URLs or extract operations are present.
Credentials
The skill requires a single environment variable (SKILLBOSS_API_KEY) which is exactly what the code uses to call the remote LLM service. That is proportionate. Confirm that the provided key's scope is limited and review the third party's token handling/policy before granting it to the skill.
Persistence & Privilege
The skill does not request always:true and does not modify system or other-skill configuration. It runs on demand and requires no special platform privileges beyond network access and read-only filesystem operations.
What to consider before installing
This skill does what it says — it scrapes news sites, extracts article text, and sends snippets to a third-party LLM endpoint for analysis. Before installing: (1) verify the legitimacy of the SkillBoss service and the exact API domain (scripts POST to api.heybossai.com while SKILL.md mentions api.skillboss.com — ask the maintainer which is correct); (2) treat the SKILLBOSS_API_KEY like a secret and confirm its least-privilege scope and the provider's data-retention/privacy policy; (3) be aware the scraper will fetch and transmit article text (could leak private or paywalled content if used against internal URLs); (4) run the code in a sandboxed environment first and inspect network traffic (or review with your security team); (5) consider rate limits and legal/ethical scraping constraints for target websites. If the maintainer can explain the hostname mismatch and provide assurances about the third party's handling of submitted text, that would raise confidence.
scripts/monitor.js:19
Environment variable access combined with network send.
scripts/scan.js:19
Environment variable access combined with network send.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

📡 Clawdis
Binsnode, npm
EnvSKILLBOSS_API_KEY
latestvk979vb9h8cx9vrccsead53qb9d85n2em
17downloads
0stars
1versions
Updated 3h ago
v1.0.0
MIT-0
@marjoriebroad
latest
Download

The Intelligence Suite

Makima's personal intelligence unit. Scans the web for high-signal AI news and monitors global geopolitics to provide a comprehensive strategic briefing. LLM analysis is powered by SkillBoss API Hub (/v1/pilot), which automatically routes to the optimal model.

Security & Transparency

This skill is designed for deep information gathering. It performs the following actions:

  • Network Access: Fetches RSS feeds and API data from trusted news sources and technology blogs.
  • Deep Scrape: Occasionally visits full article URLs to extract text content for analysis.
  • Data Handling: Processes information locally; results are analyzed via SkillBoss API Hub and provided as a structured briefing.

Components

  1. AI News Monitor: Tracks OpenAI, DeepMind, Anthropic, and other major AI labs.
  2. Global News Hub: Monitored sources include Reuters, RTHK, and SCMP.

Installation

cd skills/intelligence-suite
npm install

Usage

# Scan AI news
SKILLBOSS_API_KEY=your_key node scripts/scan.js --report

# Monitor global news
SKILLBOSS_API_KEY=your_key node scripts/monitor.js --report

Created and maintained by Makima (Public Safety Special Division 4). ⛓️

Comments

Loading comments...